> From bugtraq-owner@fc.net Mon Oct 10 18:20:04 1994
> Curious to note tho, is that their system was down after that message was
> posted for most of the time. At least from people I've talked with, they said
> they couldn't ping it, nor connect to it, much less try to attack it.

I've pinged it at least once a day for the past 2 weeks, and it hasn't
been up once..

>      o Active defense mechanism - captures intruders: Sidewinder
> has been designed to actively respond to any type of
> outside attack by a hacker or malicious code. Sidewinder will
> react to an attack by allowing a system administrator to choose
> from a range of sophisticated countermeasure strategies: Terminate
> the attacker; Give misleading information; Strike back by
> identifying the attacker for future prosecution.

I'd *REALLY* like to know what it does to 'identify' the attacker. A
finger and identd call? And who in their right MIND would accept finger
or ident returns as prosecutable evidence?

Doesn't tcp wrappers provide all of this? Wouldn't a good proxy provide
all of this too?

>      o Content-based message filtering: Sidewinder goes
> beyond traditional firewalls by incorporating content-based
> message filtering. Traditional firewalls filter messages based
> upon the routing address of the message, which can easily be
> defeated.

Wow, I bet that's slow...

>      o Easy access to Internet services: Sidewinder provides
> users with easy, user-friendly, point-and-click menus to access
> basic Internet services.

Oh great... When the next Mosaic comes out, everyone will have to wait
for Sidewinder to sell their easy, user-friendly, point-and-click
replacement. Sounds like a great way to make money off of free software.

>      o One-time sniffless passwords: Sidewinder provides stringent
> user authentication with the LOCKout(tm) security software.
> LOCKout is a highly secure challenge-response identification and
> authentication system that replaces traditional passwords.

S/Key!

>      o Defense in depth: With traditional firewalls, once
> security has been compromised, the entire network is exposed to
> the intruder. With Sidewinder and its patented Type Enforcement
> mechanism, any break-in is limited to the specific assault, and
> the intruder cannot migrate through the rest of the information
> infrastructure.

Huh? If an attacker breaks into one machine, he cannot telnet or ftp to
another? I assume it does this by content-based filtering. So, what
happens if I send email to a friend saying, "Try: ftp ftp.greatcircle.com",
will it "terminate me"?

> Secure Computing also provides a Security Alert Service to any
> organization that installs Sidewinder. With this Service, organizations
> are kept informed about current hacker techniques and
> attack scripts, as well as other potential risks.

"Sidewinder Installation Step 5: Send email to advisories-request@cert.org"

> "Secure Computing has leveraged heavily off of its patented Type
> Enforcement technology, which is currently being used to protect
> U.S. Government classified networks," said Kevin Sorensen,
> Director of Marketing for Secure Computing. "These sophisticated
> security mechanisms have been repackaged into the commercial
> Sidewinder product."

Protect classified networks from what? No government organization would
EVER approve classified networks connected to the Internet.

This all sounds like hyped up free software to me. Anyone disagree?

-Mike