IDS mailing list archives
False Positives
From: Andi Hess <andi_hess () web de>
Date: 3 Jun 2003 16:13:11 -0000
Hi there, I am new in the field of NIDS and I wonder if the problem of false positives is really this huge as mentioned in several publications. I am considering tools like PCP, Stick (I have never seen them, but read about them) which can be used to generate huge amount of packets and each on triggers an alarm on the victim IDS (a false positive, as the packets are not a real attack). As it has been impossible for me to find any of the above mentioned packet generators - I wonder how the packets look like? Is it possible to differentiate 'artifically' generated false positives from natural ones? Any hint is welcome! Thank you. A. ------------------------------------------------------------------------------- INTRUSION PREVENTION: READY FOR PRIME TIME? IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention. Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 -------------------------------------------------------------------------------
Current thread:
- False Positives Andi Hess (Jun 03)
- RE: False Positives Harshul Nayak (ealcatraz) (Jun 04)
- Re: False Positives Tobias Klein (Jun 05)
- <Possible follow-ups>
- Re: False Positives MARTIN M. Bénoni (Jun 04)
- RE: False Positives Steven Richards (Jun 04)
- RE: False Positives Fergus Brooks (Jun 04)
- RE: False Positives Dudley, Brian (ISS Chicago) (Jun 05)