Re: How to choose an IDS/FW MSS provider

["David W. Goodrum" <dgoodrum () nfr com>]

I was actually referring to signature exploits.  I am aware that there 
were documented vulnerabilities in NFR's old R&D versions.  Once NFR 
went to it's appliance version of the product and closed everything but 
the signatures (and this entire thread has been surrounding open vs 
closed signatures I believe) we have not had a vulnerability in our 
signature set. 

However, technically, you are 100% correct, so I apologize for what may 
have been a misleading statement. 

sorry about the mis-statement...

-dave

Thomas H.Ptacek wrote:

> It's not true that NFR has never had a remote exploit.
>
> I may be mis-reading the statement, but I discovered and published an 
> advisory for a remote root vulnerability in NFR back when I worked at 
> Network Associates.
>
> On Mar 17, 2005, at 5:24 PM, Martin Roesch wrote:
>
> > > I agree with your comments about writing good signatures.  We 
> > > released a whitepaper a couple of years back in an effort to teach 
> > > people how to write good signatures using the NFR product, and even 
> > > though we've had our signatures openly readable since day 1, we've 
> > > never had a remote exploit.  (well okay, we didn't actually have 
> > > signatures on day 1, but you know what i mean. ;) )
> ---
> Thomas H. Ptacek -- (734) 604-0070
> ---
> "If you're so special, why aren't you dead?"

--
David W. Goodrum
Senior Systems Engineer
NFR Security
703.731.3765


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------