Re: Signature and Traffic generation
From: Brian (bmc@snort.org) Date: 03/16/02
Date: Fri, 15 Mar 2002 23:47:56 -0500
From: Brian <bmc@snort.org>
To: John S Flowers <jflowers@well.com>
According to John S Flowers:
> Very well said. The ability to compare what was found by the IDS to what
> is a real attack on your network against a real, vulnerable system, is the
> hallmark of what should be required for an alarming system benchmark to
> succeed and have validity.
I dunno about you, but I would like to know if someone tries to attack
me, regardless of how secure my network is as seen by my IDS. While
raising priority of alerts for systems that look to be vulnerable to
attacks is a good thing, ignoring attacks just because some vendor
thinks I'm not vulnerable is not.
Last I checked, all of the IDS vendors are human. Humans make
mistakes. I'd like to leave the decisions of what to ignore to someone
that knows more about my network (me) rather than my IDS.
-brian