IDS, where the bits meet the bytes
From: stephen.taylor@saic.com
Date: 04/30/02
- Previous message: Hervé Debar: "Re: Best Method(s) for signature verifcation."
- Next in thread: Wirth, Jeff: "RE: IDS, where the bits meet the bytes"
- Reply: Wirth, Jeff: "RE: IDS, where the bits meet the bytes"
Date: 30 Apr 2002 13:45:20 -0000
From: <stephen.taylor@saic.com>
To: focus-ids@securityfocus.com
I am prepared for rejection on this question but it is why I joined this group.

First some background for how I am asking the question. Long ago I programmed mainframes so I am used to looking at bits, strings of bits. I am also accustomed to looking at bytes, hexadecimal "translations" of those bits into characters. The concepts of system applications, macros, input/output commands and firmware are clear to me.

In those terms, how is a string of bits on a network analyzed? What has to happen to the bits? Are they copied and analyzed? If they are all copied, are they all available? (I ask this because it would give an idea of how many packets are classified as events versus the total number of packets.) Is the copying done by the NIC? Where do the packets get copied? Are there major differences between products in how this is done? (Notice I am not asking about proprietary pattern matching schemes.) Etc. Etc? Thank you for your thoughts. Perhaps there are some publications I can read other than the six I already own.

Once I get this concept firmly in my mind, I can better evaluate all the discussions of IDS products and their capabilities.
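The "bits to events" path the question asks about, as an added example that is not part of the original post: every captured frame is copied into memory as bytes, the Ethernet, IPv4 and TCP headers are decoded field by field, and only a packet whose payload matches a signature becomes an event, so the ratio of events to total packets falls out of the counters. The frames and the single signature are constructed for illustration; the decoder and signature set are hypothetical, not any product's code.

```python
# Added example, not from the original post: how a sensor turns the bits of a
# captured frame into header fields and decides whether a packet is an "event".
import struct

SIGNATURES = [(80, b"/restricted/")]  # hypothetical: (dst port, payload pattern)

def build_frame(sport, dport, payload, proto=6):
    # Construct an Ethernet/IPv4/TCP frame in memory (checksums left zero, never sent)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, 5 << 12, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + tcp
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip

def parse_frame(frame):
    # Decode Ethernet -> IPv4 -> TCP; return None for anything else or truncated data
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or min(total_len, len(ip)) < ihl + 20:
        return None
    tcp = ip[ihl:total_len]          # IP total length bounds the segment
    sport, dport, _, _, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff = (off_flags >> 12) * 4     # TCP data offset, in bytes
    if doff < 20 or len(tcp) < doff:
        return None
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "payload": tcp[doff:]}

def classify(frames):
    # Every frame is copied and decoded; only signature matches become events
    total, decoded, events = 0, 0, []
    for frame in frames:
        total += 1
        fields = parse_frame(frame)
        if fields is None:
            continue
        decoded += 1
        for port, pattern in SIGNATURES:
            if fields["dport"] == port and pattern in fields["payload"]:
                events.append((port, pattern))
                break
    return total, decoded, events

SAMPLE_FRAMES = [  # constructed traffic: ordinary, match, other port, non-TCP
    build_frame(40000, 80, b"GET /index.html HTTP/1.0\r\n"),
    build_frame(40001, 80, b"GET /restricted/report HTTP/1.0\r\n"),
    build_frame(40002, 25, b"HELO example\r\n"),
    build_frame(40003, 80, b"", proto=17),
]
```

`classify(SAMPLE_FRAMES)` returns `(4, 3, [(80, b"/restricted/")])`: four packets copied, three decoded as TCP, one event.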