IDS mailing list archives
Re: IDSes and known attacks (was: NIPS Vendors explicit answer)
From: Drexx Laggui <drexx () i-manila com ph>
Date: Wed, 28 Apr 2004 02:40:15 -0800
28Apr2004 (UTC -7) Frank Knobbe wrote: ...[snip]...
IDSes are Intrusion Detection Systems. Why do we need to detect something that we know exists? In my opinion we should focus our efforts on detecting the *unknown* events, not the known ones. I argue that youare looking the wrong way :)
...[snip]...Just to clarify, we still need IDSes to monitor *known* attack patterns, so as to make-up for the inadequacies of firewall products/systems. As many of us know, it's easier to sniff out malicious attacks against different network applications, than asking the firewall vendor to secure protocols other than HTTP or SMTP or FTP (for example). And yes, we also know that once an IDS picks up an attack, it may already be too late --but hey, better late than never.
Drexx Laggui Asia-Pacific Region --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Re: NIPS Vendors explicit answer, (continued)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 26)
- Re: NIPS Vendors explicit answer Ron Gula (Apr 26)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 27)
- Re: NIPS Vendors explicit answer Frank Knobbe (Apr 27)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 27)
- Message not available
- Re: NIPS Vendors explicit answer Frank Knobbe (Apr 27)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 27)
- RE: NIPS Vendors explicit answer Rob Shein (Apr 28)
- RE: NIPS Vendors explicit answer Frank Knobbe (Apr 30)
- RE: NIPS Vendors explicit answer Rob Shein (Apr 30)
- Re: NIPS Vendors explicit answer Ron Gula (Apr 26)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 26)
- Re: IDSes and known attacks (was: NIPS Vendors explicit answer) Drexx Laggui (Apr 28)
- Re: NIPS Vendors explicit answer Ron Gula (Apr 28)
- Re: NIPS Vendors explicit answer Vikram Phatak (Apr 28)