interesting paper on testing sig-based IDS
From: Kohlenberg, Toby (toby.kohlenberg_at_intel.com)
Date: 02/26/05
- Previous message: Göran Sandahl: "Current state of Anomaly-based Intrusion Detection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 25 Feb 2005 21:01:22 -0800 To: <focus-ids@lists.securityfocus.com>
http://www.cs.ucsb.edu/~vigna/pub/2004_vigna_robertson_balzarotti_CCS04.
pdf
It seems very similar (at least at first glance) what what's been
implemented by
RFP in Whisker (the anti-IDS techniques) or in Metasploit (IDS confusion
techniques).
Have any/many of you seen this before? It seems like it's something we
would have
seen cross this list but I don't remember it doing so.
t
Toby Kohlenberg, CISSP, GCIH, GCIA
Senior Information Security Analyst
Applied Security Technology Team
Intel Corporate Information Security
503-712-8588 Office & Voicemail
877-497-1696 Pager
"Just because you're paranoid, doesn't mean they're not after you."
PGP Fingerprint:
92E2 E2FC BB8B 98CD 88FA 01A1 6E09 B5BA 9E84 9E70
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Previous message: Göran Sandahl: "Current state of Anomaly-based Intrusion Detection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
