IDS mailing list archives
Re: Juniper and ISS Protocol Anomaly Detection Evaluation
From: Stefano Zanero <zanero () elet polimi it>
Date: Thu, 18 May 2006 22:23:38 +0200
Steven Williams wrote:
Guys, Have a look at Extreme Networks Sentriant. More designed for internal protection than perimeter, this offers true Day Zero mitigation instead on relying on signatures or patterns, and also looks at layer 2 traffic as well.
Sounds like a vendor pitch to me... setting aside the fact that it's unusually difficult to find any technical information on that website, let's also ignore the fact that an intrusion prevention system is usually placed on an enforcement point, and therefore rarely useful for internal protection... What would "true zero day mitigation" mean, exactly ? From what I read, it looks like a rather naive application of dynamic quarantine combined with non-allocated space virtual honeypots. Something you can easily do with Linux, honeyd, arpd, and a couple of scripts. Am I missing something ? Stefano BTW: "Hyper Detection" sounds a bit like star trek. My kudos to the marketing department... ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Juniper and ISS Protocol Anomaly Detection Evaluation Mike Youngs (May 15)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Chris Hummel (May 16)
- Ha: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Dmitry V Ushakov (May 17)
- RE: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Security Focus (May 18)
- Ha: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Dmitry V Ushakov (May 17)
- <Possible follow-ups>
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Reynolds, Wayne (May 15)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Compton, Rich (May 16)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Steven Williams (May 16)
- Re: Juniper and ISS Protocol Anomaly Detection Evaluation Stefano Zanero (May 18)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)
- Re: Juniper and ISS Protocol Anomaly Detection Evaluation Eric Hanselman (May 18)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)
- Re: Juniper and ISS Protocol Anomaly Detection Evaluation Stefano Zanero (May 18)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Chris Hummel (May 16)