Snort mailing list archives
Re: OT: IDS: issues and problems.
From: skadhi () ib-group com (skadhi)
Date: 18 Jan 2002 09:55:07 +0100
On Thu, 2002-01-17 at 22:35, Ashley Thomas wrote:
What are the "current" problems that IDS design is facing: - to monitor at high traffic. - to do tcp stream assembly. - to detect evasion. any others ? very important ones ?
- to defeat stateholding attacks I think that the work of Handley & Paxson on packet normalization to help with NIDS evasion is very cool. OpenBSD PF's scrub already helps with that (thru normalization & defragmentation). For more information about this topic: http://www.icir.org/vern/papers/norm-usenix-sec-01-html/ -- /Saad Kadhi -- [skadhi () ib-group com] [pgp keyid: 35592A6D http://pgp.mit.edu] # buy a geek-in-a-can, point nozzle at technical problem and spray # if desesperate degauss your screen. it might solve your pb as well _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OT: IDS: issues and problems. Ashley Thomas (Jan 17)
- Re: OT: IDS: issues and problems. skadhi (Jan 18)