IDS mailing list archives
Re: TippingPoint Releases Open Source Code for First Intrusion Pr evention Test Tool, Tomahawk
From: ADT <synfinatic () gmail com>
Date: Wed, 3 Nov 2004 10:04:48 -0800
Because IDS/IPS companies spend a fair amount of their time/effort tracking down these exploits and capturing them for their internal development, QA and competitive testing. Unlike the AV industry the IDS/IPS industry doesn't work together on detecting new exploits, and hence if company A has a capture/exploit for a new worm before company B then they can write a signature for it sooner and have better coverage then their competition and beat their marketing drum louder. -Aaron -- http://synfin.net/ On Tue, 2 Nov 2004 11:00:58 -0600, Compton, Rich <rcompton () chartercom com> wrote:
Why the heck would a pcap be confidential? As far as I know the pcaps that would be used in IPS testing would consist of some attack traffic (maybe obfuscated w/ fragrouter) with a mix of valid traffic. You replay the pcap and verify that the attack traffic was blocked. Anybody can generate and record this traffic relatively easily. Would it be because some IPSs work well with certain types of traffic (pcaps) and not very well with others? If so, then the community should share this information and these pcap files to reproduce the results. We could then make better informed decisions about what is the right device to purchase for our networks.
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- RE: TippingPoint Releases Open Source Code for First Intrusion Pr evention Test Tool, Tomahawk Compton, Rich (Nov 02)
- Re: TippingPoint Releases Open Source Code for First Intrusion Pr evention Test Tool, Tomahawk ADT (Nov 03)