Dailydave mailing list archives
RE: Sniffing is not the easy answer, Kate.
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 11 Oct 2005 14:55:42 -0400
-----Original Message-----
Subject: Re: [Dailydave] Sniffing is not the easy answer, Kate.

> An admission that NIDS products == antivirus products. "We protect you - as
> long as five percent of your peers have alerted us to the fact that they got
> owned and have provided us with samples!"

No question. I didn't mean to be defending NIDS products. Even purveyors of security wares put things like cost (be it $$ or cpu%) over security. That applies both to the degree of security their products provide as well as the security of their actual products*.

But at the end of the day, signatures are easy to manage, require relatively little knowledge about the type of attack involved, and don't require a ton of CPU or memory. That's why this model is used in AV as well as NIDS/HIDS products.

PaulM

*I'm probably still under NDA so no specifics, but I'm aware of major design flaws, like elementary level stuff, in two NIDS vendors' appliances (these are names you know). AFAIK, they still ship with these problems. One vendor's initial response to the bug was to release a signature that detected and dropped the attack against their manager that we sent them.