IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: IDS (ISS) and reverse engineering

From: "Teicher, Mark (Mark)" <teicher () avaya com>
Date: Wed, 26 Nov 2003 16:00:10 -0700
Untrue,

They have network security engineers that have been coding up protocol
decodes longer than most opensource IDS signature products have been
available

/m

-----Original Message-----
From: V.O. [mailto:vosipov () tpg com au] 
Sent: Wednesday, November 26, 2003 1:54 PM
To: focus-ids () securityfocus com
Subject: Fw: IDS (ISS) and reverse engineering


(re-submitted by the moderator's request - he asked not to cross-post)

Recently I've got to listen to a marketing pitch by an ISS guy. He was
going along the lines of "our X-force reverse-engineered Microsoft RPC
libraries and created signatures..." and "we use protocol decoding, so
we reverse-engineered various closed-source protocols in order to create
out decoders".

What struck me - isn't this kind of activity actually illegal in the US?
To which extent it is possible to disassemble Windows code? And if it is
illegal, then aren't their customers (plus many other IDSes, with the
exclusion of Snort, probably) in danger - what if Microsoft or whoever
else sues ISS for doing this? :)

I'm puzzled.


------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: