Full Disclosure mailing list archives
Re: An open question for Snort and Project Honeynet
From: "Matsu Kandagawa" <matsu () mailvault com>
Date: Thu, 25 Sep 2003 16:18:45 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- From: Schmehl, Paul L (pauls_at_utdallas.edu) Date: Sep 25 2003
One more in the idiot bin
The fact that the best you can do is call me an idiot for having the temerity to raise deadly serious issues says a lot more about you than it does me. It might be okay to toss off a dismissive one-liner to some zittey teenager, but if you can't tell the difference based on what I've written, God help you. Of course, since it's likely you've never done any research into the detectability of these tools yourself, I see no particular reason you should find yourself qualified to respond one way or the other. Your two cents from the peanut gallery might actually mean something if it were coming from a real researcher-- sadly, not the case at all. Just get back to your administrative drudgework or whatever it is you do to kill time in Texas and stay out of it if you have nothing constructive to contribute. Anyway, I'm not pretending to be some kind of Snort expert, so if in my ignorance I failed to see that "off-by-one's, integer overflows, and logic bugs" is some kind of a bluff, I'm perfectly willing to own up to it. However, I certainly reserve the right to ask, especially in light of the snake-oil carnival huckster "Everybody relax-it-doesn't-matter-that-we-got-owned" nature of Snort's spin-doctoring response. It forces me to call into question both the honesty and the competence of the entire organization. I was already far from being impressed by the technical capablities of one of their team members I met at a conference who struck me as being far outclassed in terms of skills by the people challenging him. Which wouldn't be any big news, except that Snort really is about the best we've got. And that's sad. My lack of Snort expertise notwithstanding, I am intimately familiar with deception as applied to CND. It makes me literally sick to my stomach to hear some of you (you know who you are) cackling among your friends about how much money you were able to pry out of the government for research products which are nothing but an overhyped fraud. You've all heard it. You know when you've done it. Either you know perfectly well when, where and how your honeypot tools can be detected and are defrauding your sponsors, or you can't tell and are stupid. I suppose I've been giving you the benefit of the doubt by assuming the former. And if you know and you can't fix it, for God's sake lay off of your Mickey Mouse con job already, it's embarrassing. To the guilty: the next time I see you at a conference, I'll smile, shake your hand and make polite chit chat, like I always have. All the while wishing I could spit in your face. Like I always have. And the sheer beauty of it is you'll never know the difference. Here's to honesty, Matsu. -----BEGIN PGP SIGNATURE----- Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com iQA/AwUAP3NND2M5xTGTuR0REQLywwCfa1nb54htRXoHzgVI/f6UuXuO794AnjIN 5JAPiuScXcWs8WIJiN88rilX =1+Nr -----END PGP SIGNATURE-----
Current thread:
- An open question for Snort and Project Honeynet Matsu Kandagawa (Sep 23)
- Re: An open question for Snort and Project Honeynet Blue Boar (Sep 23)
- Re: An open question for Snort and Project Honeynet northern snowfall (Sep 23)
- <Possible follow-ups>
- RE: An open question for Snort and Project Honeynet Zach Forsyth (Sep 23)
- Re: An open question for Snort and Project Honeynet Matsu Kandagawa (Sep 24)
- RE: An open question for Snort and Project Honeynet Schmehl, Paul L (Sep 25)
- Re: An open question for Snort and Project Honeynet Matsu Kandagawa (Sep 25)
- Re: An open question for Snort and Project Honeynet madsaxon (Sep 25)
- RE: An open question for Snort and Project Honeynet Ma tsu Kan daga waga (Sep 25)
- RE: An open question for Snort and Project Honeynet Matsu Kandagawa (Sep 26)
- Re: An open question for Snort and Project Honeynet Blue Boar (Sep 26)
- Re: An open question for Snort and Project Honeynet Matsu Kandagawa (Sep 27)