Re: TippingPoint Releases Open Source Code for First Intrusion Prevention Test Tool, Tomahawk
From: ADT (synfinatic_at_gmail.com)
Date: 11/03/04
- Previous message: Mitchell Ashley: "RE: TippingPoint Releases Open Source Code for FirstIntrusionPrevention Test Tool, Tomahawk"
- In reply to: Compton, Rich: "RE: TippingPoint Releases Open Source Code for First Intrusion Prevention Test Tool, Tomahawk"
- Next in thread: Ron Gula: "RE: TippingPoint Releases Open Source Code for First Intrusion Prevention Test Tool, Tomahawk"
Date: Wed, 3 Nov 2004 10:04:48 -0800
To: "Compton, Rich" <rcompton@chartercom.com>

Because IDS/IPS companies spend a fair amount of their time/effort
tracking down these exploits and capturing them for their internal
development, QA and competitive testing. Unlike the AV industry, the
IDS/IPS industry doesn't work together on detecting new exploits, and
hence if company A has a capture/exploit for a new worm before company
B then they can write a signature for it sooner and have better
coverage than their competition and beat their marketing drum louder.
-Aaron
--
http://synfin.net/

On Tue, 2 Nov 2004 11:00:58 -0600, Compton, Rich <rcompton@chartercom.com> wrote:
> Why the heck would a pcap be confidential? As far as I know the pcaps that
> would be used in IPS testing would consist of some attack traffic (maybe
> obfuscated w/ fragrouter) with a mix of valid traffic. You replay the pcap
> and verify that the attack traffic was blocked. Anybody can generate and
> record this traffic relatively easily. Would it be because some IPSs work
> well with certain types of traffic (pcaps) and not very well with others?
> If so, then the community should share this information and these pcap files
> to reproduce the results. We could then make better informed decisions
> about what is the right device to purchase for our networks.