Re: ids comparisionFrom: Hervé Debar (email@example.com)
- Previous message: Stover@cabletron.com, : "Re: high speed nids"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B6EA296.D9C6363E@francetelecom.com> Date: Mon, 06 Aug 2001 15:58:46 +0200 From: Hervé Debar <firstname.lastname@example.org> To: email@example.com Subject: Re: ids comparision
Jose Nazario wrote:
> On 11 Jul 2001, Paladion Networks wrote:
> > ISS didn't pick any of the whisket scan.[ Those who are using ISS I
> > used default policy on both ISS and NFR ... ISS was using Attack
> > Detector ]
> last night in his presentation, rfp (the author of whisker) stated that
> ISS shuld now be able to pick up whisker 1.4 IDS evasion scans in its
> latest release/update. don't know if its true, but given the source (the
> tool's author) its worth investigating and making sure you're up to date
> on your ISS database.
I don't know about 6.0, but 5.5 fails on 2 of whisker's modes (not
mentioning that it doesn't like HEAD scans ....).
-- Hervé Debar <mailto:firstname.lastname@example.org> Tel: +33 (0)2 31 75 92 61 GSM: +33 (0)6 74 09 09 66 France Télécom R&D Fax: +33 (0)2 31 75 93 13 42 rue des Coutures (-/-) BP 6243 (-/-) F-14066 Caen Cedex 4