Re: ids comparision

From: Hervé Debar (herve.debar@francetelecom.com)
Date: 08/06/01


Message-ID: <3B6EA296.D9C6363E@francetelecom.com>
Date: Mon, 06 Aug 2001 15:58:46 +0200
From: Hervé Debar <herve.debar@francetelecom.com>
To: focus-ids@securityfocus.com
Subject: Re: ids comparision


Jose Nazario wrote:
>
> On 11 Jul 2001, Paladion Networks wrote:
>
> > ISS didn't pick any of the whisket scan.[ Those who are using ISS I
> > used default policy on both ISS and NFR ... ISS was using Attack
> > Detector ]
>
> last night in his presentation, rfp (the author of whisker) stated that
> ISS shuld now be able to pick up whisker 1.4 IDS evasion scans in its
> latest release/update. don't know if its true, but given the source (the
> tool's author) its worth investigating and making sure you're up to date
> on your ISS database.
I don't know about 6.0, but 5.5 fails on 2 of whisker's modes (not
mentioning that it doesn't like HEAD scans ....).

Hervé

-- 
Hervé Debar                <mailto:herve.debar@francetelecom.com>
Tel: +33 (0)2 31 75 92 61               GSM: +33 (0)6 74 09 09 66
France Télécom R&D                      Fax: +33 (0)2 31 75 93 13
42 rue des Coutures  (-/-)  BP 6243  (-/-)   F-14066 Caen Cedex 4