Re: Crying wolf: False alarms hide attacks : Eight IDSs fail to impressduring the monthlong test on a production network.
From: Drew (simonis@myself.com)Date: 06/28/02
- Previous message: Andrew Plato: "RE: Crying wolf: False alarms hide attacks : Eight IDSs fail to impress during the month long test on a production network."
- In reply to: Matt.Carpenter@alticor.com: "Re: Crying wolf: False alarms hide attacks : Eight IDSs fail to impress during the monthlong test on a production network."
- Next in thread: Milletary, Jason: "RE: Gateway IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Jun 2002 14:26:57 -0400 From: Drew <simonis@myself.com> To: focus-ids@securityfocus.com
Matt.Carpenter@alticor.com wrote:
>
> "Tom D'Aquino" <tom_daquino@yahoo.com>
> >>"But Opus One's servers run OpenVMS, not Windows. Even though it is
> >>trivially easy to figure out what operating system a Web server uses, not
> >>one of the IDSs did so."
>
> Yes, this might be a nice thing for an IDS to do (check the OS and Software
> when or before an attack), but that sounds an awful lot like "bad traffic"
> to me. Somehow our IDS boxes doing the very things we don't want to see on
> a network. Not to mention that in a split-responsibility environment, this
> is a political nightmare. Some NT/IIS Admin suddenly has someone else he
> can blame when s/he's asked to explain why they have to reboot their boxes
> so often. No thanks. If that is of value, make sure it is something which
> can be turned OFF, please.
This is something that Symantec's NetProwler does, but I've heard that
they are discontinuing that product. Dunno if thats a rumor or not...
- Previous message: Andrew Plato: "RE: Crying wolf: False alarms hide attacks : Eight IDSs fail to impress during the month long test on a production network."
- In reply to: Matt.Carpenter@alticor.com: "Re: Crying wolf: False alarms hide attacks : Eight IDSs fail to impress during the monthlong test on a production network."
- Next in thread: Milletary, Jason: "RE: Gateway IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
