Snort mailing list archives
Re: Off topic: ActiveScout?
From: JP Vossen <vossenjp () netaxs com>
Date: Fri, 4 Apr 2003 18:58:31 -0500 (EST)
On Fri, 4 Apr 2003 snort-users-request () lists sourceforge net wrote:
Message: 9 Date: Fri, 4 Apr 2003 15:54:56 -0600 From: Rich Adamson <radamson () routers com> To: Snort Users Postings <snort-users () lists sourceforge net> Subject: [Snort-users] Off topic: ActiveScout? Does anyone have any experience / knowledge about the ActiveScount product from ForeScout?
I reviewed it in Information Security Magazine's January 2003 issue: http://www.infosecuritymag.com/2003/jan/testcenter.shtml
Some of the marketing stuff makes it sound like Snort inline with some addon stuff.
I can see how you could come to that conclusion, but I'm not sure I'd agree. ActiveScout is not signature or rule based but attempts to detect "recon." One one hand, less and less recon is performed as more kiddies just run the 'Sploit. On the other hand, the pople who DO run recon are far more dangerous anyway, so detecting them has far more value that proportional to the numbers. YMMV. Read my review for the rest of my thoughts (FWIW :-). I might be inclided to run ActiveScout outside the FW and Snort inside as 2 of my layers. Also note there are several other product that are very similar to ActiveScount (IP Angle is one, I forget the others at the moment). Later, JP ------------------------------|:::======|-------------------------------- JP Vossen, CISSP |:::======| jp () jpsdomain org My Account, My Opinions |=========| http://www.jpsdomain.org/ ------------------------------|=========|-------------------------------- "The software said it requires Windows 98 or better, so I installed Linux..." ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Off topic: ActiveScout? Rich Adamson (Apr 04)
- <Possible follow-ups>
- Re: Off topic: ActiveScout? JP Vossen (Apr 04)