IDS mailing list archives

Re: Juniper and ISS Protocol Anomaly Detection Evaluation


From: Stefano Zanero <zanero () elet polimi it>
Date: Thu, 18 May 2006 22:23:38 +0200

Steven Williams wrote:
> Guys,
>
> Have a look at Extreme Networks Sentriant. More designed for internal
> protection than perimeter, this offers true Day Zero mitigation instead
> of relying on signatures or patterns, and also looks at layer 2 traffic
> as well.

Sounds like a vendor pitch to me... setting aside the fact that it's
unusually difficult to find any technical information on that website,
let's also ignore the fact that an intrusion prevention system is
usually placed on an enforcement point, and therefore rarely useful for
internal protection...

What would "true zero day mitigation" mean, exactly? From what I read,
it looks like a rather naive application of dynamic quarantine combined
with non-allocated space virtual honeypots. Something you can easily do
with Linux, honeyd, arpd, and a couple of scripts.

Am I missing something?

Stefano

BTW: "Hyper Detection" sounds a bit like Star Trek. My kudos to the
marketing department...
