IDS mailing list archives
Re: Cisco CTR
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 13 Nov 2003 21:41:26 -0500
Vendor Alert: I work for Sourcefire.RNA is not a passive vulnerability scanner, vulnerability analysis is only a subset of what it can accomplish. I've taken to calling RNA a passive network discovery system (PNDS) since that's a more accurate description of what it does.
BTW, the demo that Joe saw was from a beta of RNA that we were running in-house, production versions should only be set to discover your internal network so you don't accidentally start mapping other people's networks with it. We had our internal sensors tuned that way for testing of preproduction units only, we don't condone mapping other people's networks with RNA.
-Marty On Nov 12, 2003, at 1:48 PM, John Lampe wrote:
----- Original Message ----- From: "Joe Bowling" <joebowling () comcast net> To: <liranil () optonline net> Cc: <focus-ids () securityfocus com> Sent: Tuesday, November 11, 2003 12:26 AM Subject: Re: Cisco CTRthe RNA runs on its own box all it does is listen...so even if it dropped a packet in a stream itwouldnt matter....its not matching signatures...its fingerpringting OS'sandApps.the demo i saw of it rocked the house....cause it fingerprints not onlyyourinternal network but also everyone you talk to on your "external"network.....lets just say you will discover some interesting things outthere (IIS version 3.0)I work for Tenable Security, so I may be a little biased ;-) however, if you're into passive vulnerability scanning, you may also wish to check out Nevo from Tenable Security. Nevo can work in 'stand-alone' mode. In addition, it can forward it's alerts up to the Lightning console where it can be used to correlate IDS and scanner data. So, for instance, you can haveyour Nessus, Newt, Snort, and Nevo data all residing on a central console.The nice thing is that you can choose to only look at attacks which were directed against actually vulnerable machines....And, yes, since Nevo is passive, it can look at vulnerable machines on your business partner networks, external nets, etc. John Lampe----------------------------------------------------------------------- ----Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4.----------------------------------------------------------------------- ----
-- Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 Sourcefire: Enterprise-class Snort-based IDS Infrastructure roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register athttp://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4.
---------------------------------------------------------------------------
Current thread:
- Re: Cisco CTR, (continued)
- Re: Cisco CTR Joe Bowling (Nov 10)
- RE: Cisco CTR Alan Shimel (Nov 10)
- RE: Cisco CTR Gary Halleen (Nov 07)
- Re: Cisco CTR John Lampe (Nov 10)
- Re: Cisco CTR Petr Ruzicka (Nov 10)
- RE: Cisco CTR John Petropoulos (Nov 07)
- Re: Cisco CTR liranil (Nov 12)
- Re: Cisco CTR Joe Bowling (Nov 12)
- Re: Cisco CTR Ron Gula (Nov 13)
- Re: Cisco CTR John Lampe (Nov 13)
- Re: Cisco CTR Martin Roesch (Nov 17)
- Re: Cisco CTR Ron Gula (Nov 17)
- Re: Cisco CTR Martin Roesch (Nov 17)
- Re: Cisco CTR Ron Gula (Nov 17)
- Re: Cisco CTR Martin Roesch (Nov 19)
- Re: Cisco CTR Ron Gula (Nov 19)
- Re: Cisco CTR Martin Roesch (Nov 20)
- Re: Cisco CTR Joe Bowling (Nov 12)
- Re: Cisco CTR Ron Gula (Nov 19)
- Re: Cisco CTR Renaud Deraison (Nov 19)
- Re: Cisco CTR Martin Roesch (Nov 19)
- Re: Cisco CTR Renaud Deraison (Nov 20)