IDS mailing list archives
Re: Intrushield vs ISS
From: Dave Aitel <dave () immunitysec com>
Date: Fri, 31 Dec 2004 00:13:04 -0500
Interesting, because this means Intrushield must parse MSRPC and SMB correctly. This is actually quite rare in an NIDS or NIPS. It'd be good to see what NFR and some of the other heavy hitters do.
You did use maximum covertness, correct? (Sliding the covertness bar to the right before running the exploit will do all the fun fragmentation.)
Dave Aitel Immunity, Inc. Terry N. wrote:
Unfortunately I have not had the opportunity to work with ISS. However IntruShield passes the test.Assuming you have an evaluation copy of each, you could run the CRIagainst it and see what that does for you...I know ISS passes, but I've not seen anyone test Intrushield.Dave AitelImmunity, Inc.Jacob Winston wrote:I have been evaluating Intrushield and ISS but am still unsure onwhich route to take. Does anyone have compelling info on why Intrushield is better or vice-versa? Any help is appreciated.Thank you in advance.-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.--------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- Re: Intrushield vs ISS Terry N. (Dec 30)
- Re: Intrushield vs ISS Dave Aitel (Dec 30)