Re: Intrushield vs ISS

[Dave Aitel <dave () immunitysec com>]

Interesting, because this means Intrushield must parse MSRPC and SMB 
correctly. This is actually quite rare in an NIDS or NIPS. It'd be good 
to see what NFR and some of the other heavy hitters do.

You did use maximum covertness, correct? (Sliding the covertness bar to 
the right before running the exploit will do all the fun fragmentation.)

Dave Aitel
Immunity, Inc.


Terry N. wrote:

> Unfortunately I have not had the opportunity to work with ISS. However
> IntruShield passes the test.
>
>  
>
> > Assuming you have an evaluation copy of each, you could run the CRI
> >    
> against it and see what that does for you...I know ISS passes, but
> I've not seen anyone test Intrushield.
>
>  
>
> > Dave Aitel
> >    
> Immunity, Inc.
>  
>
> > Jacob Winston wrote:
> >    
>
>  
>
> > I have been evaluating Intrushield and ISS but am still unsure on
> >    
> which route to take. Does anyone have compelling info on why
> Intrushield is better or vice-versa? Any help is appreciated.
>  
>
> > Thank you in advance.
> >    
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> --------------------------------------------------------------------------
>
>  


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------