PaulDotCom mailing list archives
Re: IDP/IDS
From: "Albert R. Campa" <abcampa () gmail com>
Date: Mon, 13 Sep 2010 14:27:37 -0500
I seem to recall VRT putting out a blog post of the reasoning for their signature creation methods. Write to block the vulnerability vs exploit? I cant seem to find it. This is brought on by ISS selling their "non signature" based model, which enables them to have a signature that blocks the adobe 0day since 2008, whereas Snort just recently created a sig for it. 17233 <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt __________________________________ Albert R. Campa On Mon, Sep 13, 2010 at 1:58 PM, Juan Cortes <juanccortester () gmail com>wrote:
We are currently evaluating both sourcefire n tippingpoint. Love snort so we r biased but we r testing both. We currently have shitty-iss. On Sep 13, 2010 12:36 PM, "Carlos Perez" <carlos_perez () darkoperator com> wrote: I'm biased to Tippingpoint and SourceFire, hate McFee models Sent from my iPhone On Sep 13, 2010, at 12:30 PM, Craig Freyman <craigfreyman () gmail com> wrote:Budget time, need to..._______________________________________________ Pauldotcom mailing list Pauldotcom@mail.pauldo..._______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- IDP/IDS Craig Freyman (Sep 13)
- Re: IDP/IDS Bigger Thomas (Sep 13)
- Re: IDP/IDS Carlos Perez (Sep 13)
- Re: IDP/IDS Juan Cortes (Sep 13)
- Re: IDP/IDS Albert R. Campa (Sep 13)
- Re: IDP/IDS Juan Cortes (Sep 13)
- Re: IDP/IDS Mike Patterson (Sep 13)
- Re: IDP/IDS CP Constantine (Sep 14)
- Re: IDP/IDS Will Metcalf (Sep 14)
- Re: IDP/IDS CP Constantine (Sep 14)