Cisco's IDS Vulnerabilities
From: Samuel Cure (scure@redbulltech.com)
Date: 05/11/02
- Previous message: Matthew F. Caldwell: "RE: Threat Analysis - Papers, Studies, Software etc"
- Next in thread: lists@var-log.com: "Re: Cisco's IDS Vulnerabilities"
- Reply: lists@var-log.com: "Re: Cisco's IDS Vulnerabilities"
- Reply: Joe Magee: "Re: Cisco's IDS Vulnerabilities"
- Reply: joelmcf: "RE: Cisco's IDS Vulnerabilities"
From: "Samuel Cure" <scure@redbulltech.com>
To: <focus-ids@securityfocus.com>
Date: Fri, 10 May 2002 16:57:03 -0700
After researching and testing Cisco security products, I have some serious
concerns and want to get anyone else's reaction:
Just testing some very popular hacker tools that have been around for a long
time, Cisco IDS missed them. The ADMmutate tool, which is used to evade IDS, is
very well known in the IDS community. Most commercial IDSes detect ADMmutate.
I'm shocked to see they missed this technique and a lot of other tests. Has
anyone else found this to be true?
Along with trying to protect a company, I tried using Cisco's NetSonar.
This thing doesn't seem to have been kept up to date with any of the latest
vulnerabilities. NetSonar seems to lack any vulnerabilities that relate to
Cisco's own products. I tried comparing Cisco's advisories on Cisco
products and checks to see if NetSonar would find them and there is an
obvious missing connection. On top of it, with Wireless 802.11 taking off,
I'm surprised they have not developed a wireless scanner. The Cisco rep
indicated they were not planning on delivering any such product, but loved
to sell some 802.11 equipment. Maybe they do not want to slow down sales
by exposing issues in their own products? Is Cisco really serious about
security or is there a conflict of interest that makes Cisco's security
products less than unbiased?
I'd be interested in what the rest of the security community thinks about
this.
Thanks in Advance,
-------------------
Samuel J. Cure
Chief Technology Officer
Red Bull Technologies, Inc.
www.redbulltech.com
-------------------