IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Current state of Anomaly-based Intrusion Detection

From: Thomas Ptacek <tqbf () arbor net>
Date: Thu, 3 Mar 2005 13:08:32 -0500
On Mar 1, 2005, at 2:17 PM, Gunnoe, Jason wrote:
I have seen large ISP's implement anomaly technologies on internet backbones, but typically, they are only useful for identifying large scale malware disruptions before they happen. They always give the slammer example, which is what, 4 years old now...
The Slammer example is usually given because it was one of the hardest attacks in the last 2 years to defend against, and one of the most damaging.
I'm not sure whether you're trying to imply that these detection capabilities "weren't up to the task" of detecting Sasser. If that's your point, why don't you take a minute to justify it? 

---
Thomas H. Ptacek // Arbor Networks
(734) 327-0000


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: