Penetration Testing mailing list archives
Re: [PEN-TEST] Recourse Technologies -- info wanted
From: Oliver Friedrichs <ofriedrichs () SECURITYFOCUS COM>
Date: Tue, 3 Oct 2000 09:48:34 -0700
I've come to believe that this is more of a marketing tactic than an actual fact. I can believe that this would be true for an IDS with only a few signatures enabled, or one doing offline processing, but an IDS that is doing pattern matches on over 700 signatures in realtime, this is practically infeasible. Feel free to prove me wrong, but I've heard from several people, even friends working for competing companies, that claim their IDS does this, and I don't believe it. My reasoning is that for me to believe this there has to be proven facts, rather than marketing hype. And I would also want to understand their algorithm for doing this, which I don't believe any of them have made public. This is very similar to the scanner market, where each vendor may have their own method for detecting a particular vulnerability, the the customer places implicit trust in the vendor, with very few having any idea what happens under the hood. I doubt this will change anytime soon though, after-all who would want to release such a detailed specification of their product, in fear of losing their perceived advantage. - Oliver
-----Original Message----- From: Mark Teicher [mailto:mark.teicher () NETWORKICE COM] Sent: Tuesday, October 03, 2000 8:43 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Recourse Technologies -- info wanted I would like to see them prove the following statement: "With 100 percent data capture at volumes exceeding 1 Gbps".. Since only a few IDS vendors are capable of capturing data at volumes of 1 Gbps /mark At 11:08 PM 10/2/00 -0400, subscribe wrote:ManTrap and ManHunt: coded in C++ and Java...the usual JAVA for the GUI viewing.... what else? >> oh, has 'typical' signatures coded in software, BUTalso has 'anomaly'based signatures as well...not pure 'anomaly', but it hasbeen coded in away that it attempts to take a known signature, tweak it a bit (for example, slow the packets down, etc.), and treat that as athreat as well.In layman's terms, it knows what all IDS know, and a step beyond it attempts to pre-empt new attacks which are based on old onesvia theseanomaly signatures. c.t.Hello: Has anybody dealt with or know about Recourse Technologies (www.recoursetechnologies.com) and its products? Anyinfo is appreciated.Thanks, -andrew
Current thread:
- [PEN-TEST] Recourse Technologies -- info wanted Andrew Teklemariam (Oct 02)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Ben Rothke (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Mark Teicher (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Mark Teicher (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Ryan Permeh (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Ben Rothke (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Erik Tayler (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Ryan Permeh (Oct 03)
- <Possible follow-ups>
- Re: [PEN-TEST] Recourse Technologies -- info wanted subscribe (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Mark Teicher (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Paul Cardon (Oct 09)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Oliver Friedrichs (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Peter Van Epp (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Mark Teicher (Oct 03)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Andrew Lawton (Oct 04)
- Re: [PEN-TEST] Recourse Technologies -- info wanted Ben Rothke (Oct 03)