IDS mailing list archives

Re: ForeScout ActiveScout (was: Re: Intrusion Prevention)

From: Dug Song <dugsong () monkey org>
Date: Tue, 17 Dec 2002 14:27:10 -0500

On Tue, Dec 17, 2002 at 12:48:27PM -0500, Matthew L. McGuirl wrote:

They "shine" because as far as I can tell, they're correlating their
own data with their own data. This magical "mark" they stamp on the
prober is unlikely to be more than something like a dummy username &
password combination that gets stored in their database. When their
IDS module sees a packet come in bearing this dummy data they can
detect it regardless of its source IP.


just a new twist on an old idea:

http://lists.insecure.org/lists/nmap-hackers/1999/Jan-Mar/0279.html

-d.

---
http://www.monkey.org/~dugsong/

Current thread:

RE: ForeScout ActiveScout (was: Re: Intrusion Prevention), (continued)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Omar Herrera (Dec 15)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Frank Knobbe (Dec 15)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Karl Lynn (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Adam Powers (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dudley, Brian (ISS Chicago) (Dec 16)
  - RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Karl Lynn (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Frank Knobbe (Dec 17)
  - RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Omar Herrera (Dec 17)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 17)
  - Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dug Song (Dec 17)