Firewall Wizards mailing list archives

Re: INtrusion Detection


From: tqbf () secnet com
Date: Wed, 18 Feb 1998 12:17:18 -0600 (CST)


> It was not until the SNI paper that some light was shed into the basic
> design flaws and vulnerabilities of network IDS's.

Actually, Vern Paxson's "Bro" paper (presented at Usenix, you can 
download at http://ftp.ee.lbl.gov/pspers/bro-usenix98-revised.ps.Z)
beat us to the punch. For people more interested in how one could work
around the IDS problems we discovered, Paxson's paper is more valuable
than ours. Certainly both are well worth reading. =)

> Before it every IDS
> vendor would claim their software was not vulnerable.

It would appear that you are not aware of what the vendors are claiming
right now. What I have seen change since the release of our paper is that
the vendors have invoked the all-powerful "nothing is 100% secure" clause,
and ignored our work entirely (although I assume there are bugfixes
planned at some time in the near future). 

> How can one
> recommend a product over another without having such information?

The magazines seem to get by fine with little or no knowledge of what it
is they're evaluating. The easiest and most effective (for a magazine) way
to evaluate security products is to rank them in order of advertising
dollars spent.

-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                           "mmm... sacrilicious"


