Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

RE: For those of you that don't know....

From: "Maynor, David (ISS Atlanta)" <dmaynor () iss net>
Date: Mon, 13 Dec 2004 16:01:03 -0500
        

Please judge the log in your own eye before pointing a sharp stick in
someone else's eye!
Not to flame here, but ISS's Xforce is definately in the business of
writing exploits to validate IDS sigs you create and to place in your
wonderful ISS Scanner.


        

I think it's great that products like Canvas can call b.s. on your
signatures without hiding behind the 'oh our sploits are so secret and
proprietary. 


I think you are missing the point but instead of trying to convince you
otherwise why not just ask Dave how well Proventia stops evasion
attempts. And for the kicker we don't say our exploits are "oh so
secret." If you read things like focus-ids I made a post that tells you
exactly how the evasions work. 



He can say that he has an experience and an opinion. Please treat

members >of this list with some dignity and respect because I am sure
they have 

(especially Sinan) has earned it, but please don't place your flame

from >something that is hearsay.
        
You didn't respond to the simple "they are evaded with RPC
fragmentation" bit. Until you can stand on a technical argument I
suggest doing more research.


Translation:



Shampoo is better than conditioner!



What other NIPS/HIPS are you talking about other than ISS? Please throw

us >a few bones than simply saying 'nuh uh'. Try to give some educated

responses on why the vendors (especially HIPS department) may or may

not be >better.

What in my above statement even mentioned HIPS, I was just trying to
find out what vendors Sinan was speaking of. I already gave an educated
response as to why Tippingpoint is a substandard solution (reference my
RPC frag comment or go find my focus-ids post on evading IPS). You
haven't responded to a single technical statement, try it.


         

        -----Original Message----- 
        From: Sinan Eren [mailto:sinan.eren () immunitysec com] 
        Sent: Monday, December 13, 2004 2:39 PM 
        To: Maynor, David (ISS Atlanta) 
        Cc: dailydave 
        Subject: Re: [Dailydave] For those of you that don't know.... 

        > Who knew PCRE was worth that much? 

        Compared to other marketed NIDS/NIPS tippingpoint was doing a
much 
        better 
        job. So it did not suprise me much. 

        Same could be said for Determina being so much better than all
the other 

        marketted HIPS out there. So i expect to see some big
acquisition in 
        that 
        too. 

        I would personally pick tippingpoint and determina if i was in a
CSO 
        or similar position. So standing from a technical point of view
I would 
        endorse both of these products. 

        cheers, 
        Sinan 



        _______________________________________________ 
        Dailydave mailing list 
        Dailydave () lists immunitysec com 
        https://lists.immunitysec.com/mailman/listinfo/dailydave 


Confidentiality Notice: This e-mail communication and any attachments
may contain 
confidential and privileged information for the use of the designated
recipients named above. If 
you are not the intended recipient, you are hereby notified that you
have received this 
communication in error and that any review, disclosure, dissemination,
distribution or 
copying of it or its contents is prohibited. If you have received this
communication in 
error, please notify me immediately by replying to this message and
deleting it from your 
computer. Thank you.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: