becuase it is too hard to convert history to a formal description. doing it
not smart enough will lead to necessarity of adding new patterns daily or
even hourly ;-)

On Thu, Jun 02, 2005 at 03:36:36PM -0400, J. Oquendo wrote:
>
> > It is ok when securing server traffic, but becames extremely difficult
> > when it comes to client proxy, because there are too many legitimate
> > traffic patterns to add :-(

>
> Why not take a 2 week snapshot of normal traffic patterns then create your
> ruleset after seeing normal traffic pattern activity.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/li...rewall-wizards
>
> [ Note: This message contains email list management information ]
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =+
> J. Oquendo
> GPG Key ID 0x97B43D89
> http://pgp.mit.edu:11371/pks/lookup?...rch=0x97B43D89
>
> To conquer the enemy without resorting to war is the most
> desirable. The highest form of generalship is to conquer
> the enemy by strategy." - Sun Tzu
>
> email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
>
>
>


_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards