RE: ForeScout ActiveScout (was: Re: Intrusion Prevention)

[Omar Herrera <oherrera () prodigy net mx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> -----Original Message-----
> From: Frank Knobbe [mailto:fknobbe () knobbeits com]
> Sent: Lunes, 16 de Diciembre de 2002 08:29 p.m.
> To: Dudley, Brian (ISS Chicago)
> Cc: focus-ids () securityfocus com
> Subject: RE: ForeScout ActiveScout (was: Re: Intrusion Prevention)
>
> The "we'll present fake hosts and block anyone accessing those"
> explanation is sooo much more down to earth than the advertised
> version. Sounds like the 'markers' are just fake services
> represented through fake banners on ports of unused IP's. I'm not
> sure what else could be used to "bait'n'track" an attacker, perhaps
> a fake FTP site with a fake user account list? If the markers
> extend beyond just fake banners, then I remain interested.
> Otherwise I just continue to block sources that access unused IP
> addresses since it seems to have the same result.  
>
> This is all provided that Brian's explanation of the product is
> accurate. If that's the case, then this is great example on how
> carefully crafted advertising language can make a product appear to
> be something larger than it is. Should Brian's explanation not be
> accurate, I encourage Forescout to provide further details.
>
> Otherwise I'll file it under 'Deceptive Marketing' in the
> Doghouse....  


Indeed, it seems that a honeypot could do all that this tool
supposedly does and much better. There you will have evidence of an
attack and more assurance on the source of the attack as well.

Still I also wait for a response on ForeScout, there might be
something interesting on the product hopefully because so far I don't
see an advantage over a NIDS+Honeypot solution; it does not seem to
have an advantage on one or the other alone neither.

Omar Herrera


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBPf97h6xc3R1o/elHEQKLhgCgwJcjdTXET4ttv1glhYii3MuIoaQAoO2+
Bjq/MZrjvAo1Se27U28Wr9Y8
=iUzK
-----END PGP SIGNATURE-----