Firewall Wizards mailing list archives
RE: IPS (was: Sources for Extranet Designs?)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 26 Feb 2004 17:17:40 -0500
Stiennon,Richard wrote:
Multiple methodologies to determine malicious intent. Usually includes signature, protocol anomaly, behavior and flow capabilities.
And since we've got you here.... Can you explain how these "signatures" and "protocol anomaly" detectors and "behavior and flow capabilities" are going to NOT suffer all the problems with false positives that caused Gartner to announce that IDS was a failure? From your own definition, it sounds like you at least understand that the functional mechanisms for detecting "malicious intent" are the same in an "IPS" as they are in an IDS. So if you guys at Gartner think IDS sucks because it can't do an accurate enough job of detecting "malicious intent" I'd love to hear how you think it's going to work better in an "IPS" when a false positive results in a dropped connection.

I'm so glad you're monitoring this list - that way we can get the explanation straight from the horse's mouth, as it were...*

mjr.

(* With apologies to my horse P-nut who doesn't read this list. The expression "straight from the horse's mouth" means something entirely different once you've spent some time with equines. You should see what my white straw stetson looked like "straight from the horse's mouth" the time P-nut played 'fetch' and 'tag' with it)