Firewall Wizards mailing list archives
INtrusion Detection
From: Gary Crumrine <gcrum () us-state gov>
Date: Tue, 17 Feb 1998 07:29:08 -0500
I started a similar thread a few days ago on the IDS list, and it seems to have spilled over to here. One thing that I have noticed is that we tend to deal in absolutes... A product has to meet x,y,z absolutely or it is considered BAD. I totally disagree with that thought stream.

Take a look at the needs of a bank vs. the little shop down the block that wants to protect their ten-employee internet connection. Whose needs are more? I think that the first answer is both are equal. But the poor guy doesn't have the $ to spend like the bank. He needs something...so he is willing to accept more of a risk, and use something less robust, i.e. costing less. It makes damn good sense to me to recommend a product that may be less robust, but affordable, in lieu of him going totally without.....

I think we are becoming too closed-minded these days. We need to root out solutions, not attack each other's ideas.

My 2 cents worth

-----Original Message-----
From: Vern Paxson [SMTP:vern () ee lbl gov]
Sent: Sunday, February 15, 1998 2:16 AM
To: Craig Brozefsky
Cc: firewall-wizards () nfr net
Subject: Re: Important Comments re: INtrusion Detection
How about time series analysis of request response cycles, or statistical analysis of larger traffic patterns?
I'm skeptical that you can reliably detect attackers this way. A theme from the measurement studies I've done is that many aspects of "normal" traffic have an extremely large range of behavior; so it seems all too easy for an attacker to shape their illicit traffic to fit somewhere within that wide range, and therefore go undetected.

Vern