IDS mailing list archives
Re: IDS is dead, etc
From: Jonathan Rickman <jonathan () xcorps net>
Date: Tue, 19 Aug 2003 22:21:26 -0400
On Friday 15 August 2003 21:26, Paul Schmehl wrote:
Are you really serious about this? Because I don't think you could possibly be more wrong. There are an infinite number of answers that can be returned for a given set of parameters, not a simple yes or no. Mind you, I'm not arguing that you can solve every problem with an algorithm, but *surely* you don't really believe that algorithms can only respond with binary answers? If this were really true, it wouldn't even be possible to have more than two alert levels - Alert or no alert.
Let me clarify. I'm speaking theoretically, not technically. Sure, you can give the system an infinite number of signatures and variables...but the code still can't think for itself or correct flaws introduced by humans. Because the machine can't configure itself, the flaws introduced by humans can't really be eliminated. In the end, it's a matter of yes or no. The system isn't really making any decisions. Either it matches or it does not. Sure, you can tell it to spit out any number of answers, but it's still an "if this then do this" scenario. The machine can't slap itself on the forehead, exclaim "DOH!!!", and make adjustments on the fly. It will continue to repeat the same mistake until a person intervenes. I suppose it's just another case of the old garbage in garbage out cliche, but it's still true.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net