IDS mailing list archives
RE: ForeScout ActiveScout (was: Re: Intrusion Prevention)
From: "Matthew L. McGuirl" <mmcguirl () lucidsecurity com>
Date: Tue, 17 Dec 2002 12:48:27 -0500
They "shine" because as far as I can tell, they're correlating their own data with their own data. This magical "mark" they stamp on the prober is unlikely to be more than something like a dummy username & password combination that gets stored in their database. When their IDS module sees a packet come in bearing this dummy data they can detect it regardless of its source IP. I must be missing something if they're serious when they claim to be able to detect a "mark" returning without examining the payload of the packets. If I'm wrong, please elucidate. Happy Holidays to All, Matt Matt McGuirl Software Support Engineer Lucid Security Corporation Email: mmcguirl () lucidsecurity com
Attachment:
Matt McGuirl.vcf
Description: Matt McGuirl.vcf
Current thread:
- ForeScout ActiveScout (was: Re: Intrusion Prevention) Oded Comay (Dec 15)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Omar Herrera (Dec 15)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Frank Knobbe (Dec 15)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Karl Lynn (Dec 16)
- <Possible follow-ups>
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Adam Powers (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dudley, Brian (ISS Chicago) (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Karl Lynn (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Frank Knobbe (Dec 17)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Omar Herrera (Dec 17)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 17)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dug Song (Dec 17)