IDS mailing list archives

RE: SourceFire RNA


From: "Rob Shein" <shoten () starpower net>
Date: Tue, 2 Dec 2003 10:46:48 -0500

The answer to this is simple.  All machines make some kind of noise on the
network, from an IDS-centric view.  If the machine doesn't have any
interaction, ever, with anything, then it's not really important from the
IDS point of view, because it can't be breached WITHOUT interaction.  Even
if the first traffic involving that machine is an attack or scan, at that
point the machine becomes at least as visible to the IDS as it is to the
attacker.

-----Original Message-----
From: Lior Tal [mailto:lior () us-path com] 
Sent: Tuesday, December 02, 2003 5:58 AM
To: focus-ids () securityfocus com
Subject: SourceFire RNA




Hi,
Did anyone have a chance to evaluate the RNA published on the
SourceFire web site? From what I could understand, they claim 
that by passive traffic analysis the RNA can trace every 
network device, service and open port within a network. It is 
difficult for me to understand how passive traffic 
analysis can detect inactive devices and services which do not 
transmit any network traffic. Can anyone help figure that 
one out?

Lior
US-Path Inc.
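
The point made in this thread, as an added example that is not part of either message: a passive sensor can only inventory hosts that transmit, and a silent host becomes visible with the first probe it answers. The packet tuples, the 10.0.0.0/24 segment and the function names are constructed for illustration; this is not RNA's own implementation.

```python
import ipaddress

MONITORED = ipaddress.ip_network("10.0.0.0/24")  # assumed protected segment

# Constructed packet summaries: (src, sport, dst, dport, tcp_flags)
PACKETS = [
    ("10.0.0.5", 40000, "10.0.0.10", 80, "S"),
    ("10.0.0.10", 80, "10.0.0.5", 40000, "SA"),
    ("203.0.113.9", 55555, "10.0.0.20", 22, "S"),   # first traffic to .20 is a probe
    ("10.0.0.20", 22, "203.0.113.9", 55555, "SA"),
    ("203.0.113.9", 55556, "10.0.0.20", 23, "S"),
    ("10.0.0.20", 23, "203.0.113.9", 55556, "RA"),
    ("203.0.113.9", 55557, "10.0.0.30", 22, "S"),   # no reply ever observed
]

def is_monitored(ip):
    return ipaddress.ip_address(ip) in MONITORED

def build_inventory(packets):
    """Return (hosts, unanswered): hosts heard transmitting, and addresses only ever probed."""
    hosts, unanswered = {}, set()
    for n, (src, sport, dst, dport, flags) in enumerate(packets):
        if is_monitored(src):
            # Any packet sent by a monitored address proves the host exists.
            entry = hosts.setdefault(
                src, {"first_seen": n, "open": set(), "closed": set()})
            unanswered.discard(src)
            if flags == "SA":      # SYN-ACK: the source port is a listening service
                entry["open"].add(sport)
            elif flags == "RA":    # RST-ACK to a SYN: host alive, port treated as closed
                entry["closed"].add(sport)
        if is_monitored(dst) and dst not in hosts:
            unanswered.add(dst)    # addressed, but nothing heard from it yet
    return hosts, unanswered

if __name__ == "__main__":
    hosts, unanswered = build_inventory(PACKETS)
    for ip, info in hosts.items():
        print(ip, "first seen at packet", info["first_seen"],
              "open:", sorted(info["open"]), "closed:", sorted(info["closed"]))
    print("probed but never heard from:", sorted(unanswered))
```

A host such as 10.0.0.40 that neither sends nor receives anything appears in neither result, which is the case the original question asks about.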
