Re: Linux snares security tool

[InfoSec News <isn () c4i org>]

Forwarded from: Aj Effin Reznor <aj () reznor com>
Cc: ejovi () ejovi net, nicole.bellamy () zdnet com au

"InfoSec News was known to say....."

> Is this an article or jibberish? Jibberish or a press release
> poorly cloaked as a article? What exactly do you mean by
> intergrated? Are you saying that all the major Linux distrubutions
> will include this as part of their base system install?

I'd have to agree with all the above sentiments.  This is hardly
anything knew, unless it happens to perform as a kernel level patch.

> Or are you saying that it works on Linux? I'm confused. I suspect
> you are too. Why did you not research the subject, if you had you
> would have found tripwire (http://www.tripwire.org/) which has
> been around and widely used for almost 10 years.

Not only that, but both Portsentry and Snort do (well, have been
doing) just about everything listed below for awhile now, also.

> What about quoting experts other then the company CEO? Either
> you've been had, or need a refresher course in journlistic
> intergrity.

This seems to be the norm for zdnet lately, unfortunately.  They've
really gone south with the "quality" of their articles.  "Sounds good"
appears to take priority over "factually correct" nowadays....

I also take issue with the defintions of "host based" vs. "network
based"  IDS.  Hostbased is more than just successful network based
intrustion. A good network-based IDS will catch attempts at other
hosts, as well as general network devices (switches, routers,
printers) that generally don't or can't have IDS running on them.



-aj.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.