IDS mailing list archives
Re: ForeScout ActiveScout (was: Re: Intrusion Prevention)
From: Dug Song <dugsong () monkey org>
Date: Tue, 17 Dec 2002 14:27:10 -0500
On Tue, Dec 17, 2002 at 12:48:27PM -0500, Matthew L. McGuirl wrote:
They "shine" because as far as I can tell, they're correlating their own data with their own data. This magical "mark" they stamp on the prober is unlikely to be more than something like a dummy username & password combination that gets stored in their database. When their IDS module sees a packet come in bearing this dummy data they can detect it regardless of its source IP.
just a new twist on an old idea: http://lists.insecure.org/lists/nmap-hackers/1999/Jan-Mar/0279.html -d. --- http://www.monkey.org/~dugsong/
Current thread:
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention), (continued)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Omar Herrera (Dec 15)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Frank Knobbe (Dec 15)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Karl Lynn (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Adam Powers (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dudley, Brian (ISS Chicago) (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Karl Lynn (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Frank Knobbe (Dec 17)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Omar Herrera (Dec 17)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 17)
- Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dug Song (Dec 17)