Slashdot Mirror


Biological Network Security

mercut writes: "A friend of mine recently wrote a Guest Feature on SecurityFocus about Biological Network Security. It has some interesting implications and I thought the /. community could provide some good perspective into IDS communication and security."


  1. Ironically, this is a DoS tool itself.. by Toast · · Score: 4, Interesting
    While attempting to stop network attacks, including Denial of Service attacks, the author has proposed an excellent DoS tool.


    Given how easy it is to spoof traffic over the insecure IP and TCP protocols, all an attacker would have to do is spoof some attacks coming from some of AOL's IPs, and all of a sudden all AOL users can't access your site, since the CAS system told the backbone routers to block all the AOL IPs.


    If you use the biology metaphor, this is an allergy. Your system is reacting aggressively to something that isn't a threat.


    IDSs have had the ability to configure firewall ACLs for years via OPSEC SAMP, etc., but almost no one uses it for this very reason: it's just too easy to trick.


    The real solution is to redesign the internet protocols with security in mind. Something like IPSec does a lot more than this proposed system ever would.


    The one good idea the article had was centralized analysis, but as the article mentioned, this was discussed more thoroughly in a previous article on SecurityFocus.
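
The "allergy" failure mode described in the comment above, as an added example that is not part of the original comment or the SecurityFocus article: a naive IDS-driven block decision next to a guarded one. The alert fields, the `PROTECTED` list and the threshold are assumptions made for illustration, as is the premise that the sensor can tell whether a TCP handshake completed (something a sender using a forged source address generally cannot achieve).

```python
import ipaddress

# Constructed sample alerts (not real data). 198.51.100.0/24 stands in for a
# large ISP's address pool; "handshake" is a hypothetical sensor field saying
# whether a full TCP three-way handshake was observed for that source.
ALERTS = [
    {"src": "198.51.100.7",  "sig": "syn-flood", "handshake": False},
    {"src": "198.51.100.9",  "sig": "syn-flood", "handshake": False},
    {"src": "198.51.100.23", "sig": "syn-flood", "handshake": False},
    {"src": "203.0.113.50",  "sig": "sql-probe", "handshake": True},
    {"src": "203.0.113.50",  "sig": "sql-probe", "handshake": True},
    {"src": "203.0.113.50",  "sig": "sql-probe", "handshake": True},
]

PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]  # never auto-block
THRESHOLD = 3  # alerts needed before a block is proposed


def naive_blocks(alerts):
    """Block any /24 that reaches THRESHOLD alerts, trusting the source IP."""
    counts = {}
    for a in alerts:
        net = ipaddress.ip_network(a["src"] + "/24", strict=False)
        counts[net] = counts.get(net, 0) + 1
    return sorted(str(n) for n, c in counts.items() if c >= THRESHOLD)


def guarded_blocks(alerts):
    """Block single hosts only, on handshake-backed alerts, outside PROTECTED."""
    counts, review = {}, set()
    for a in alerts:
        ip = ipaddress.ip_address(a["src"])
        if not a["handshake"] or any(ip in n for n in PROTECTED):
            review.add(str(ip))  # queue for an analyst instead of a router ACL
            continue
        counts[ip] = counts.get(ip, 0) + 1
    blocks = sorted(str(i) for i, c in counts.items() if c >= THRESHOLD)
    return blocks, sorted(review)


if __name__ == "__main__":
    print("naive  :", naive_blocks(ALERTS))
    print("guarded:", guarded_blocks(ALERTS))
```

The naive policy cuts off the whole ISP range on alerts whose source was never confirmed, while the guarded policy blocks only the one host with handshake-backed evidence and routes the rest to review.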