RE: sidestep

From: Jill Tovey (jill.tovey_at_bigbluedoor.com)
Date: 05/03/03

  • Next message: Golomb, Gary: "RE: sidestep"
    To: focus-ids@securityfocus.com
    Date: 03 May 2003 10:52:06 +0100
    
    

    Hi all,

    For those of you that were interested, Snort did not detect the DNS
    version query from Sidestep.

    Kind Regards,

    Jill Tovey


