On 6/22/05, • • <googl3meister at gmail dot com> wrote:
> > Then since you don't allow anything inbound, you're just doing it for
> > the sake of seeing what's out there because you're curious. That's
> > much different than relying on it for detecting intrusions. You're
> > just using it as a Internet Crud Detector. (how about a new acronym,
> > ICD!) :) You aren't going to detect any intrusions because you
> > aren't allowing any of that traffic in. A simple ICD is fine for the
> > sake of the curious, but if you actually want to detect intrusions,
> > it's of little value.
> I'm sorry but that's just not true - I still use it to get out... I'm
> sorry, but you don't appear to have much commercial experience with
I have plenty of commercial IDS experience, including Snort. You're
missing my point. If you're dropping all inbound traffic, as you
said, you *aren't* detecting intrusions! There can't be any!! (at
least in the traditional inbound from the Internet sense) You're
detecting crud on the Internet that can't possibly hurt you.