Firewall Wizards mailing list archives
Re: INtrusion Detection
From: tqbf () secnet com
Date: Wed, 18 Feb 1998 12:17:18 -0600 (CST)
> It was not until the SNI paper that some light was shed into the basic design flaws and vulnerabilities of network IDS's.

Actually, Vern Paxson's "Bro" paper (presented at Usenix, you can download at http://ftp.ee.lbl.gov/pspers/bro-usenix98-revised.ps.Z) beat us to the punch. For people more interested in how one could work around the IDS problems we discovered, Paxson's paper is more valuable than ours. Certainly both are well worth reading. =)

> Before it every IDS vendor would claim their software was not vulnerable.

It would appear that you are not aware of what the vendors are claiming right now. What I have seen change since the release of our paper is that the vendors have invoked the all-powerful "nothing is 100% secure" clause, and ignored our work entirely (although I assume there are bugfixes planned at some time in the near future).

> How can one recommend a product over another without having such information?
The magazines seem to get by fine with little or no knowledge of what it is they're evaluating. The easiest and most effective (for a magazine) way to evaluate security products is to rank them in order of advertising dollars spent.

-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                           "mmm... sacrilicious"