Penetration Testing mailing list archives

Re: [PEN-TEST] IDS

From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Tue, 12 Sep 2000 12:37:19 -0500

One good thing to do would be to check out some of the pen-test archives,
as there was a rather lengthy thread about the IDS arena.  Check here
(sorry for the long-winded URL):
http://www.securityfocus.com/templates/archive.pike?threads=1&end=2000-08-17
&start=2000-08-11&tid=76806&list=101&fromthread=0&

Personally, I dont' keep much Intrusion detection stuff in my "toolbox",
but at home, I stick with things like snort, and PortSentry.  In real
life, There are tons of different commercial packages being used, and
only a handful of the commercial packages are worth looking at. All
of them are, IMHO, overpriced.

"Scheduled usage" confuses me a little.  for the most part, IDS's run
around the clock, and notify admins when certain things happen.

--Noah Dunker
Network Security Engineer
FishNet Security

* This document may contain views and opinions that are my own, and
  not that of my employer.

-----Original Message-----
From: Alt, Brandon [mailto:cheshire () DOTNOW COM]
Sent: Tuesday, September 12, 2000 1:18 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: IDS


As far as IDS I know the basics. What I'd like to know is about the specific
tools. What is out there for each platform? Is there anything that will
cover
multi-platform? What does everyone have in their toolkits? What type of
usage
do you perform(schedules, responses, etc)?
Thanks in advance.
http://www.dotNow.com ... totally free Internet access is here!

Current thread:

[PEN-TEST] IDS Alt, Brandon (Sep 12)
- Re: [PEN-TEST] IDS Jensenne Roculan (Sep 12)
- <Possible follow-ups>
- Re: [PEN-TEST] IDS Dunker, Noah (Sep 12)