Re: Changes in IDS Companies?
From: Raistlin (raistlin@gioco.net)Date: 10/31/02
- Previous message: roy lo: "Re: Intrusion Prevention Systems"
- In reply to: roy lo: "Re: Changes in IDS Companies?"
- Next in thread: Scott Wimer: "Re: Changes in IDS Companies?"
- Next in thread: Alan Shimel: "RE: Changes in IDS Companies?"
- Reply: Scott Wimer: "Re: Changes in IDS Companies?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Raistlin" <raistlin@gioco.net> To: <focus-ids@securityfocus.com> Date: Thu, 31 Oct 2002 17:58:12 +0100
> And "IPS" seems to be a good example of it. Like you(Chris) have point
> out here, the IPS function will be turn off due to the fact that
> false alarms will be too high for it to be consider "safe" to use.
Even if there were no false alarms, something that automatically cuts in and
prevents communication has an astounding potential to become the worst
Denial-of-service tool on the market...
It is really difficult to implement an AI engine clever enough to understand
which attacks are using the prevention feature to actually cause harm
_through_ the IPS itself.
Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys
- Previous message: roy lo: "Re: Intrusion Prevention Systems"
- In reply to: roy lo: "Re: Changes in IDS Companies?"
- Next in thread: Scott Wimer: "Re: Changes in IDS Companies?"
- Next in thread: Alan Shimel: "RE: Changes in IDS Companies?"
- Reply: Scott Wimer: "Re: Changes in IDS Companies?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
