IDS mailing list archives
RE: SourceFire RNA
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 2 Dec 2003 10:46:48 -0500
The answer to this is simple. All machines make some kind of noise on the network, from an IDS-centric view. If the machine doesn't have any interaction, ever, with anything, then it's not really important from the IDS point of view, because it can't be breached WITHOUT interaction. Even if the first traffic involving that machine is an attack or scan, at that point the machine becomes at least as visible to the IDS as it is to the attacker.
-----Original Message-----
From: Lior Tal [mailto:lior () us-path com]
Sent: Tuesday, December 02, 2003 5:58 AM
To: focus-ids () securityfocus com
Subject: SourceFire RNA

Hi,

Did anyone have a chance to evaluate the RNA published on SourceFire web site? From what I could understand, they claim that by passive traffic analysis the RNA can trace every network device, service and open port within a network. It is difficult for me to understand how passive traffic analysis can detect inactive devices and services which do not transmit any network traffic. Can anyone help figure that one out?

Lior
US-Path Inc.
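An added illustration of the argument in this message (not code from the thread or from Sourcefire, and not a description of how RNA works): a toy passive inventory over constructed packet summaries, showing that a host enters the map with the first packet that involves it, while a host with no traffic at all stays absent. The addresses, the `build_inventory` and `unseen_hosts` names and the "targeted"/"active" labels are assumptions of this sketch.

```python
# Constructed packet summaries as a passive sensor might record them:
# (src_ip, src_port, dst_ip, dst_port, tcp_flags). Not captured traffic.
PACKETS = [
    ("10.0.0.5", 40000, "10.0.0.10", 80, "S"),    # client opens HTTP
    ("10.0.0.10", 80, "10.0.0.5", 40000, "SA"),   # server accepts: port 80 open
    ("10.0.0.99", 51000, "10.0.0.20", 22, "S"),   # first traffic to .20 is a probe
    ("10.0.0.20", 22, "10.0.0.99", 51000, "SA"),  # .20 answers: port 22 open
    ("10.0.0.99", 51001, "10.0.0.20", 23, "S"),
    ("10.0.0.20", 23, "10.0.0.99", 51001, "RA"),  # reset: port 23 closed
    ("10.0.0.99", 51002, "10.0.0.30", 22, "S"),   # .30 never replies
]
# Hypothetical monitored hosts; 10.0.0.40 sends and receives nothing.
MONITORED = {"10.0.0.10", "10.0.0.20", "10.0.0.30", "10.0.0.40"}


def build_inventory(packets, monitored):
    """Map each monitored host seen on the wire to its state and TCP ports."""
    inv = {}
    pending = set()  # unanswered SYNs: (client, cport, server, sport)
    for src, sport, dst, dport, flags in packets:
        for ip in (src, dst):
            if ip in monitored:
                # Known to the sensor from the first packet that involves it.
                inv.setdefault(ip, {"state": "targeted", "open": set(), "closed": set()})
        if flags == "S":
            pending.add((src, sport, dst, dport))
        if src not in inv:
            continue
        inv[src]["state"] = "active"  # it transmitted, so it is confirmed alive
        answered = (dst, dport, src, sport) in pending
        if flags == "SA" and answered:
            inv[src]["open"].add(sport)    # SYN/ACK reply: listening service
        elif "R" in flags and answered:
            inv[src]["closed"].add(sport)  # RST reply to a SYN: nothing listening
        pending.discard((dst, dport, src, sport))
    return inv


def unseen_hosts(inv, monitored):
    """Monitored hosts the sensor has no evidence of: no traffic in or out."""
    return sorted(monitored - inv.keys())


if __name__ == "__main__":
    inventory = build_inventory(PACKETS, MONITORED)
    for ip in sorted(inventory):
        print(ip, inventory[ip])
    print("never seen:", unseen_hosts(inventory, MONITORED))
```
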