Firewall Wizards mailing list archives
Re: Intrusion Prevention Firewall
From: Vern Paxson <vern () icir org>
Date: Thu, 04 Apr 2002 13:49:14 -0800
The key question is the false positive rate.
Yep!
Is it the case that your Bro IDS scripts are not generating false positives? Or that your users don't mind so much if a legitimate session gets killed? Or a compromise, where the proactive session-killing is only connected to IDS scripts that have particularly low false positives?
It's in particular the last.
We get a false positive every couple of weeks, and of course we work on
ways to lower them. (Bro is conducive to adding these sorts of exceptions.)
But we get dozens of true positives every day, which is the pay-off.
Vern
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Intrusion Prevention Firewall, (continued)
- RE: Intrusion Prevention Firewall R. DuFresne (Apr 17)
- RE: Intrusion Prevention Firewall Dave Piscitello (Apr 17)
- RE: Intrusion Prevention Firewall R. DuFresne (Apr 18)
- RE: Intrusion Prevention Firewall Mike Shaw (Apr 17)
- Re: Intrusion Prevention Firewall Crispin Cowan (Apr 05)
- Re: Intrusion Prevention Firewall Gary Flynn (Apr 06)
- Re: Intrusion Prevention Firewall dont (Apr 06)
- Re: Intrusion Prevention Firewall Crispin Cowan (Apr 05)
- RE: Intrusion Prevention Firewall Dave Piscitello (Apr 08)
- Re: Intrusion Prevention Firewall Gary Flynn (Apr 17)
- Re: Intrusion Prevention Firewall Patrick M. Hausen (Apr 18)