IDS mailing list archives

Re: IDS is dead, etc


From: Jonathan Rickman <jonathan () xcorps net>
Date: Tue, 19 Aug 2003 22:21:26 -0400

On Friday 15 August 2003 21:26, Paul Schmehl wrote:

> Are you really serious about this?  Because I don't think you could
> possibly be more wrong.  There are an infinite number of answers that can
> be returned for a given set of parameters, not a simple yes or no.  Mind
> you, I'm not arguing that you can solve every problem with an algorithm,
> but *surely* you don't really believe that algorithms can only respond
> with binary answers?  If this were really true, it wouldn't even be
> possible to have more than two alert levels - Alert or no alert.

Let me clarify. I'm speaking theoretically, not technically. Sure, you can 
give the system an infinite number of signatures and variables...but the 
code still can't think for itself or correct flaws introduced by humans.  
Because the machine can't configure itself, the flaws introduced by humans 
can't really be eliminated. In the end, it's a matter of yes or no. The 
system isn't really making any decisions. Either it matches or it does not. 
Sure, you can tell it to spit out any number of answers, but it's still an 
"if this then do this" scenario. The machine can't slap itself on the 
forehead, exclaim "DOH!!!", and make adjustments on the fly. It will 
continue to repeat the same mistake until a person intervenes. I suppose 
it's just another case of the old garbage in garbage out cliche, but it's 
still true. 

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


