Firewall Wizards mailing list archives
Re: INtrusion Detection
From: "George M. Jones" <gjones () CompuServe NET>
Date: Fri, 20 Feb 1998 12:00:11 -0500 (EST)
On Thu, 19 Feb 1998 tqbf () secnet com wrote:
The current advertising claim that these systems work AT ALL is false (in my absolutist perspective), and remains so until the trivial problems are fixed.
I used one of these "systems [that don't work] AT ALL" recently to identify SMTP sessions delivering a total of more than 9,400,000 spam messages in a 5 day period. It also identified thousands of other attacks and potential attacks. I read your paper and I appreciate the seriousness of the fundamental flaws/limitations that you (and Vern Paxon) point out. I also genuinely appreciate the fact that you are exposing the problems and opening a serious discussion on the shortcomings of the products. But to say that they don't work at all is a bit over the edge. I think they do add incremental value, flaws and all. CISCO seems to agree. Now, if the vendors continue in silence, I will begin to be more concerned... George Jones, Internet Security Engineer, CompuServe Network Services Email: George.Jones () CompuServe NET, Voice: +1 614 723-4560 Snail Mail: 5000 Britton Rd., PO BOX 5000, Hilliard, Ohio 43026-5000 USA PGP: 1024/8C1CEFC9 Fingerprint 20 79 AE 12 D0 8C 44 8F C5 37 2B 40 EA F5 C3 35
Current thread:
- Re: Practical Firewall Metrics, (continued)
- Re: Practical Firewall Metrics Leonard Miyata (Feb 20)
- Re: Practical Firewall Metrics...Was: INtrusion Detection Bennett Todd (Feb 20)
- Re: INtrusion Detection tqbf (Feb 18)
- Re: INtrusion Detection Adam Shostack (Feb 18)
- Re: INtrusion Detection Vern Paxson (Feb 18)
- Re: INtrusion Detection Marcus J. Ranum (Feb 18)
- Re: INtrusion Detection tqbf (Feb 18)
- RE: INtrusion Detection Gary Crumrine (Feb 19)
- RE: INtrusion Detection Alfred Huger (Feb 19)
- Re: INtrusion Detection tqbf (Feb 19)
- Re: INtrusion Detection George M. Jones (Feb 20)
- Re: INtrusion Detection Alfred Huger (Feb 20)