RE: IDS (ISS) and reverse engineering

From: Teicher, Mark (Mark) (teicher_at_avaya.com)
Date: 11/27/03

  • Next message: rsh_at_idirect.com: "Re: IDS (ISS) and reverse engineering"
    Date: Wed, 26 Nov 2003 16:00:10 -0700
    To: "V.O." <vosipov@tpg.com.au>, <focus-ids@securityfocus.com>
    
    

    Untrue,

    They have network security engineers that have been coding up protocol
    decodes longer than most opensource IDS signature products have been
    available

    /m

    -----Original Message-----
    From: V.O. [mailto:vosipov@tpg.com.au]
    Sent: Wednesday, November 26, 2003 1:54 PM
    To: focus-ids@securityfocus.com
    Subject: Fw: IDS (ISS) and reverse engineering

    (re-submitted by the moderator's request - he asked not to cross-post)

    Recently I've got to listen to a marketing pitch by an ISS guy. He was
    going along the lines of "our X-force reverse-engineered Microsoft RPC
    libraries and created signatures..." and "we use protocol decoding, so
    we reverse-engineered various closed-source protocols in order to create
    out decoders".

    What struck me - isn't this kind of activity actually illegal in the US?
    To which extent it is possible to disassemble Windows code? And if it is
    illegal, then aren't their customers (plus many other IDSes, with the
    exclusion of Snort, probably) in danger - what if Microsoft or whoever
    else sues ISS for doing this? :)

    I'm puzzled.

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: rsh_at_idirect.com: "Re: IDS (ISS) and reverse engineering"