Re: Announcement: Alert Verification for Snort
From: Michael Stone (mstone_at_mathom.us)
Date: 10/24/03
- Previous message: Sam f. Stover: "Re: Announcement: Alert Verification for Snort"
- In reply to: Konrad Rieck: "Re: Announcement: Alert Verification for Snort"
- Next in thread: Andrew Hall: "RE: Announcement: Alert Verification for Snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Oct 2003 21:20:33 -0400 To: Focus IDS <focus-ids@securityfocus.com>
On Thu, Oct 23, 2003 at 12:03:13PM +0200, Konrad Rieck wrote:
>If Snort or any IDS reports an alert with CVE number, and the
>corresponding probe (in your case a NASL script) doesn't detect a
>vulnerability, can you ensure that there isn't one?
If snort doesn't detect anything can you be sure there isn't an
intrusion? Why not just record everything? The volume of attacks a large
site sees requires some kind of filtering; it might be nice to say that
it's better to report 1000 false positives than to allow 1 attack to go
undetected, but at some point there is no realistic chance of all the
data being examined.
Mike Stone
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ids_031023
and use priority code SF4.
---------------------------------------------------------------------------
- Previous message: Sam f. Stover: "Re: Announcement: Alert Verification for Snort"
- In reply to: Konrad Rieck: "Re: Announcement: Alert Verification for Snort"
- Next in thread: Andrew Hall: "RE: Announcement: Alert Verification for Snort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
