IDS mailing list archives

Re: IDSes and known attacks (was: NIPS Vendors explicit answer)


From: Drexx Laggui <drexx () i-manila com ph>
Date: Wed, 28 Apr 2004 02:40:15 -0800

28 Apr 2004 (UTC -7)

Frank Knobbe wrote:
...[snip]...
IDSes are Intrusion Detection Systems. Why do we need to detect
something that we know exists? In my opinion we should focus our efforts
on detecting the *unknown* events, not the known ones. I argue that you
are looking the wrong way :)
...[snip]...

Just to clarify, we still need IDSes to monitor *known* attack patterns, so as to make up for the inadequacies of firewall products/systems. As many of us know, it's easier to sniff out malicious attacks against different network applications than to ask the firewall vendor to secure protocols other than HTTP, SMTP or FTP (for example). And yes, we also know that once an IDS picks up an attack it may already be too late, but hey, better late than never.


Drexx Laggui
Asia-Pacific Region
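An added illustration of the point made above, not code from anyone in this thread: a port-based packet filter passes anything on a permitted port, so a known attack pattern inside an application protocol the firewall does not understand gets through, while a content signature on an IDS catches it (and, as the counter-argument in the thread notes, only if the pattern is already known). The port numbers, the "application on port 9000", the signature names and the sample traffic are all constructed for this example and describe no real product or flaw.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: bytes


# Constructed firewall policy: a port-based ACL that knows nothing about
# payload content. Port 9000 stands in for an in-house application
# protocol that the firewall vendor does not parse.
ALLOWED_DST_PORTS = {21, 25, 80, 9000}


def firewall_decision(pkt: Packet) -> str:
    """Stateless packet filter: permit or drop on destination port alone."""
    return "ALLOW" if pkt.dst_port in ALLOWED_DST_PORTS else "DROP"


# Constructed signatures for *known* attack patterns, Snort-like in spirit:
# each is bound to one destination port and matches on payload content.
# The patterns are illustrative only; they describe no real software flaw.
SIGNATURES = [
    {
        "name": "app9000-login-overlong-username",
        "dst_port": 9000,
        # LOGIN followed by a username of more than 64 bytes before the newline
        "pattern": re.compile(rb"^LOGIN [^\r\n]{65,}\r?\n"),
    },
    {
        "name": "app9000-debug-command",
        "dst_port": 9000,
        # a maintenance verb that should never appear on the wire in production
        "pattern": re.compile(rb"^DEBUG SHELL\b"),
    },
]


def ids_alerts(pkt: Packet) -> list[str]:
    """Return the names of the known-attack signatures matching this packet.

    Anything not in SIGNATURES (the 'unknown' attack) silently passes.
    """
    return [
        sig["name"]
        for sig in SIGNATURES
        if sig["dst_port"] == pkt.dst_port and sig["pattern"].search(pkt.payload)
    ]


def evaluate(packets: list[Packet]) -> list[tuple[str, list[str]]]:
    """Run every packet past both controls; (firewall verdict, IDS alerts) per packet."""
    return [(firewall_decision(p), ids_alerts(p)) for p in packets]


# Constructed sample traffic for the example.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 9000, b"LOGIN alice\r\n"),                 # benign login
    Packet("10.0.0.7", 9000, b"LOGIN " + b"A" * 300 + b"\r\n"),  # known bad pattern
    Packet("10.0.0.7", 9000, b"DEBUG SHELL id\r\n"),             # known bad pattern
    Packet("10.0.0.9", 23, b"root\r\n"),                         # port not permitted
]


if __name__ == "__main__":
    for pkt, (verdict, alerts) in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print(f"{pkt.src} -> :{pkt.dst_port}  firewall={verdict}  ids={alerts or 'no match'}")
```

Both packets to port 9000 carrying the constructed attack patterns are allowed by the firewall and flagged only by the IDS; the Telnet packet is dropped by the port rule before any content inspection is needed. A fourth payload on port 9000 that matched none of the signatures would pass both controls, which is the gap the rest of the thread argues about.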

