IDS mailing list archives
Re: Wishlist for IPS Products
From: David Maynor <dmaynor () gmail com>
Date: Mon, 20 Sep 2004 18:58:15 -0400
Claims don't really mean much to me. After going through the song and dance sales pitch of most IPS vendors that claim serious protection but instead only offer a false sense of security I am a bit jaded. False negatives in Tipping Point are as plentiful as beer in Germany. You want an example? Take a jpeg and somewhere in it embed an offending guid from ms03-026 or ms03-039. Copy this jpeg between two windows machines over file sharing. Viola, tipping point just fired the sig over the the pic being copied. If they had real protocol parsing this would not be possible. On Sat, 18 Sep 2004 10:28:58 -0400, idswizard () earthlink net <idswizard () earthlink net> wrote:
Only way to do this and not create tons of false postives is true protocolparsing. This knocks out most IPS vendors like Tipping Point. That is an interesting statement. Tipping Point claims to only have one customer experience a false positive and it was based on Chat traffic. During a SANS webcast, Los Alamos National Laboratory seemed to back that data (https://www.sans.org/webcasts/show.php?webcastid=90514). What test(s) have you done showing Tipping Point is prone to false positives based on their signatures/filters? -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Wishlist for IPS Products, (continued)
- Re: Wishlist for IPS Products Srinivasa Rao Addepalli (Sep 14)
- Re: Wishlist for IPS Products David Maynor (Sep 14)
- Re: Wishlist for IPS Products PS R (Sep 14)
- Re: Wishlist for IPS Products Tony Carter (Sep 17)
- Re: Wishlist for IPS Products PS R (Sep 17)
- Re: Wishlist for IPS Products David Maynor (Sep 21)
- Re: Wishlist for IPS Products David Maynor (Sep 20)
- Re: Wishlist for IPS Products David Maynor (Sep 22)
- Re: Wishlist for IPS Products PS R (Sep 24)
- Re: Wishlist for IPS Products David Maynor (Sep 20)