IDS mailing list archives
RE: IDS is dead, etc
From: Laurent Demailly <dl () qualys com>
Date: Thu, 21 Aug 2003 15:43:40 -0700
> Because the machine can't configure itself, the flaws introduced by humans can't really be eliminated.
> [...]
> The machine can't slap itself on the forehead, exclaim "DOH!!!", and make adjustments on the fly.
Well, it can try to detect inconsistencies and that's (shameless but hopefully relevant plug:) what we try to do (amongst other things) with QuIDScor: Use information from different sources (IDS, VA) and correlate and try to catch problems (like for instance that the VA thinks you do not have vuln X because the port is not open (to it, be it firewall configuration or otherwise) but the IDS (established flag in Snort) sees for sure that there is traffic going back and forth -> flag an alert/misconfiguration warning for the overall system).

PS: See http://quidscor.sourceforge.net/ for more info about the open source (BSD license) IDS/VA correlation project we're working on. (the first public release of QuIDScor was made end of July and there is more coming (with a much smarter correlation engine), feedback welcome)

Laurent
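The VA/IDS inconsistency check described in the message above, as an added Python example (not QuIDScor code and not part of the original post). The record formats, verdict names and sample data are assumptions made for illustration, and the verdicts other than MISCONFIG go beyond the single case the message describes.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VaResult:
    """What the VA scanner concluded about one host/port (constructed format)."""
    host: str
    port: int
    port_open: bool                      # as seen from the scanner's vantage point
    vulns: frozenset = field(default_factory=frozenset)

@dataclass(frozen=True)
class IdsAlert:
    """One IDS alert; `established` mirrors a rule that matched an established TCP flow."""
    host: str
    port: int
    vuln: str                            # vulnerability the signature relates to
    established: bool

def correlate(va_results, alerts):
    """Return (alert, verdict) pairs; MISCONFIG marks VA and IDS disagreeing."""
    by_target = {(r.host, r.port): r for r in va_results}
    out = []
    for a in alerts:
        r = by_target.get((a.host, a.port))
        if r is None:
            verdict = "UNSCANNED"        # VA has no data: coverage gap
        elif not r.port_open and a.established:
            verdict = "MISCONFIG"        # VA says closed, IDS saw a two-way session
        elif a.vuln in r.vulns:
            verdict = "CONFIRMED"        # both sources agree the target is exposed
        else:
            verdict = "UNCONFIRMED"      # VA does not report this vuln on the target
        out.append((a, verdict))
    return out

# Constructed sample data (RFC 5737 documentation addresses, placeholder vuln names).
VA = [
    VaResult("192.0.2.10", 80, True, frozenset({"VULN-X"})),
    VaResult("192.0.2.20", 445, False),  # scanner was blocked by a firewall
]
ALERTS = [
    IdsAlert("192.0.2.10", 80, "VULN-X", True),
    IdsAlert("192.0.2.20", 445, "VULN-X", True),
    IdsAlert("192.0.2.20", 445, "VULN-X", False),
    IdsAlert("192.0.2.30", 22, "VULN-Y", True),
]

if __name__ == "__main__":
    for alert, verdict in correlate(VA, ALERTS):
        print(f"{verdict:11} {alert.host}:{alert.port} {alert.vuln}")
```

A MISCONFIG verdict is a warning about the monitoring setup itself: the scanner's view of the host is incomplete, so its "not vulnerable" result for that port should not be used to discard the alert.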