IDS mailing list archives

Re: Announcement: Alert Verification for Snort


From: Michael Sierchio <kudzu () tenebras com>
Date: Fri, 24 Oct 2003 17:49:29 -0700

Michael Stone wrote:

> What people are looking for in an IDS is the detection of an intrusion.
> With that in mind, a simple definition is, "if the system alerts on
> something that's not an intrusion it's a false positive".

Not so, IMHO.  Attempts at intrusion are of interest, reconnaissance
is of interest -- just as these are in the case of physical
security.  Why?  Because a fundamental tenet of security is
that a determined adversary with sufficient resources will
defeat your countermeasures.



