interesting paper on testing sig-based IDS

From: Kohlenberg, Toby (toby.kohlenberg_at_intel.com)
Date: 02/26/05

    Date: Fri, 25 Feb 2005 21:01:22 -0800
    To: <focus-ids@lists.securityfocus.com>
    
    

    http://www.cs.ucsb.edu/~vigna/pub/2004_vigna_robertson_balzarotti_CCS04.pdf

    It seems very similar (at least at first glance) to what's been
    implemented by RFP in Whisker (the anti-IDS techniques) or in
    Metasploit (IDS confusion techniques).

    Have any/many of you seen this before? It seems like it's something we
    would have seen cross this list but I don't remember it doing so.

    t

    Toby Kohlenberg, CISSP, GCIH, GCIA
    Senior Information Security Analyst
    Applied Security Technology Team
    Intel Corporate Information Security
    503-712-8588 Office & Voicemail
    877-497-1696 Pager
    "Just because you're paranoid, doesn't mean they're not after you."

    PGP Fingerprint:
    92E2 E2FC BB8B 98CD 88FA 01A1 6E09 B5BA 9E84 9E70


