Snort mailing list archives
Re: flow_depth and WMF exploit
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 05 Jan 2006 11:20:40 -0600
On Thu, 2006-01-05 at 12:11 -0500, Jason wrote:
> At no point in time was an IDS/IPS _designed_ to handle client side attacks or the myriad of options for encodings, file formats, compression, embedding... that exist on the client side. This function has and will remain a responsibility of software on the host. Traditionally this has been AV and unfortunately they have been failing to respond effectively.
Please don't put words into my mouth. I didn't say this at all. Matter of fact, I said the same thing you said in a different email.
> The assertion that IPS is less capable of performing the task it is designed for is fallacious and only highlights the complete lack of understanding in the market of the technology.
Not quite. IPSes that claim to inspect traffic at wire speed (that includes server responses) are less capable of performing the inspection tasks at higher speeds when the workload is increased by also having to decode the data first from various encoding formats. (Proxies are better suited for that since they were designed from day one as an accept-and-forward type device.) I'm not talking about your rate-limiters and profile based IPSes. Actually, we didn't even venture into the I_P_S arena at all, and purposefully so. Please don't lead us there, especially not with dismissing comments like above.

-Frank

--
It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.