Dailydave mailing list archives
RE: For those of you that don't know....
From: Sinan Eren <sinan.eren () immunitysec com>
Date: Mon, 13 Dec 2004 13:14:52 -0800 (PST)
You should preface your last statement with "I write exploits for a living so I don't want people to buy a solution that actually stops them."
Thats just stupid to claim that i am trying to deceive people on the list for my own agenda. I am not. Determina is the only win32 BO solution that i dont see any sudden pitfalls in its design. For all others whether we have working exploits or know robust way(s) to bypass it. I wont be naming any vendors but we all known who else I am refering ...
You can't say with a straight face they were doing better than everybody else in the market, they are evaded by simple RPC fragmentation, even SNORT catches that. ImmunitySec's own Canvas CRI turns it into swiss cheese, from what I hear.
Yeah its probably true that they dont handle application level fragmentation but who else does without actually sitting on the host ? And solutions that requires agent installiations shouldnt be compared with TippingPoint but rather with Determina and other HIPS.
From what i hear Tippingpoint in its class (hardware solution that sits as
a border perimeter) is the only HIPS that its customers can actually run in prevention mode. All others i have seen are almost in "learning" or "warning" or "HIDS" mode.
What other NIPS/HIPS vendors are you speaking of? As far as I know Willy Wonka got his Ompalompa's on spyware research now so the list of NIPS that tippingpoint is better than has dropped a bit.
why dont you give us a sales pitch of your dear product so that we can all kick back and chill ... cheers, Sinan
-----Original Message----- From: Sinan Eren [mailto:sinan.eren () immunitysec com] Sent: Monday, December 13, 2004 2:39 PM To: Maynor, David (ISS Atlanta) Cc: dailydave Subject: Re: [Dailydave] For those of you that don't know....Who knew PCRE was worth that much?Compared to other marketed NIDS/NIPS tippingpoint was doing a much better job. So it did not suprise me much. Same could be said for Determina being so much better than all the other marketted HIPS out there. So i expect to see some big acquisition in that too. I would personally pick tippingpoint and determina if i was in a CSO or similar position. So standing from a technical point of view I would endorse both of these products. cheers, Sinan
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: For those of you that don't know...., (continued)
- Re: For those of you that don't know.... halvar (Dec 13)
- Re: For those of you that don't know.... pageexec (Dec 13)
- Re: For those of you that don't know.... halvar (Dec 13)
- Re: For those of you that don't know.... Sinan Eren (Dec 13)
- Re: For those of you that don't know.... halvar (Dec 13)
- Re: For those of you that don't know.... Dave Aitel (Dec 13)
- Re: For those of you that don't know.... pageexec (Dec 13)
- Re: For those of you that don't know.... halvar (Dec 13)
- Re: For those of you that don't know.... Gadi Evron (Dec 13)
- Re: For those of you that don't know.... Sinan Eren (Dec 13)
- RE: For those of you that don't know.... Sinan Eren (Dec 13)
- Re: For those of you that don't know.... ric k (Dec 13)
- RE: For those of you that don't know.... pageexec (Dec 13)
- RE: For those of you that don't know.... Sinan Eren (Dec 13)
- RE: For those of you that don't know.... Ron Gula (Dec 13)