Snort mailing list archives

Re: OT: IDS: issues and problems.


From: skadhi () ib-group com (skadhi)
Date: 18 Jan 2002 09:55:07 +0100

On Thu, 2002-01-17 at 22:35, Ashley Thomas wrote:
> What are the "current" problems that IDS design is facing:
> - to monitor at high traffic.
> - to do tcp stream assembly.
> - to detect evasion.
>
> any others? very important ones?

- to defeat stateholding attacks

I think that the work of Handley & Paxson on packet normalization to
help with NIDS evasion is very cool. OpenBSD PF's scrub already helps
with that (thru normalization & defragmentation). For more information
about this topic:
http://www.icir.org/vern/papers/norm-usenix-sec-01-html/


-- 
/Saad Kadhi --  [skadhi () ib-group com] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desperate degauss your screen. it might solve your pb as well

