IDS mailing list archives
Re: Anamoly based network IDS
From: Brian Hernacki <bhern () meer net>
Date: Fri, 28 Mar 2003 15:18:07 -0800
Manhunt is actually a poor example. Manhunt focuses on validating protocols: it watches network traffic to see if it conforms to the official protocol specifications. If it doesn't conform (i.e. is invalid), then it triggers an event.
Actually Manhunt's protocol anomaly detection monitors for both protocol deviations and 'compliant but suspicious' protocol activity.
--brian