IDS mailing list archives

Re: Intrusion Prevention

From: Jill Tovey <jill.tovey () bigbluedoor com>
Date: 9 Dec 2002 09:46:10 -0000

In-Reply-To: <20021206031213.FGIH2199.lakemtao01.cox.net () smtp east cox net>

ActiveScout by all intents and purposes seems a unique and innovative   
approach to IDS technologies and provides a number of advantages over 
other detection systems, such as proactively detecting reconnaissance 
attacks. 

However, as far as I can see the disadvantages could be that you can only 
run the sensor on a redhat 7.2 platform, which is fairly old now.

On testing it seems to have performed well, however, I have read that 
there have been some problems.  ActiveScout is good at detecting attacks 
that are followed by reconnaissance activities, but does not catch all 
direct attacks made on a system. 

I think it would work well with an anomaly-based IDS on the internal 
network.

Kind Regards,

Jill Tovey

Current thread:

Intrusion Prevention intrusi0n (Dec 08)
- Re: Intrusion Prevention Paul Wayne Brager Jr (Dec 09)
- Re: Intrusion Prevention Raistlin (Dec 09)
  - Re: Intrusion Prevention roy lo (Dec 10)
- Re: Intrusion Prevention Karl Lynn (Dec 11)
- <Possible follow-ups>
- RE: Intrusion Prevention Avi Chesla (Dec 09)
- Re: Intrusion Prevention Jill Tovey (Dec 09)
  - Re: Intrusion Prevention Frank Knobbe (Dec 10)
- RE: Intrusion Prevention Adam Powers (Dec 10)
- RE: Intrusion Prevention Ralph Los (Dec 10)
- Re: Intrusion Prevention Vern Paxson (Dec 10)
  - RE: Intrusion Prevention Chris Petersen (Dec 11)
  - Intrusion Prevention Johnny Kho (Dec 23)
- RE: Intrusion Prevention Robert_Huber (Dec 11)
- RE: Intrusion Prevention Matthew L. McGuirl (Dec 11)
  - RE: Intrusion Prevention Frank Knobbe (Dec 11)
- RE: Intrusion Prevention Carey, Steve T GARRISON (Dec 23)

(Thread continues...)