IDS mailing list archives
Re: NEW Topic: Network Mapping Intrusion Detection style
From: "Andy Cuff [Talisker]" <lists () securitywizardry com>
Date: Wed, 7 Jan 2004 22:46:00 -0000
Hi Mark,

Many of the security correlation consoles do this for a variety of events. Sadly, due to NDAs I can't name products, but the ones I looked at produce 3d maps with a variety of axes; the most impressive used a battleships type 3d display where source addresses routed through attack to destination. The spherical "dandelion" approach is also good and definitely allows you to see trends/attacks that aren't obvious on a standard screen. The simplest was purely a 2d port over time graph that allowed you to see some of the low and slow recons that would have otherwise been missed.

One big problem I had with the spherical concept was that it redistributed the elements on refresh, making it difficult to track certain attack clusters when the screen got really busy.

In our trials we didn't introduce passive or active fingerprinting or vulnerability scanning to the display, but to be frank can't see what it would do to a reactive screen other than change the destination image to reflect whether the attack would have been successful or not.

I can see a definite benefit in overlaying proactive information such as fingerprinting or vulnerability scanning over the reactive alert diagram, or vice versa in incident response. But where do we get that 32 Metre Plasma ;o)

take care matey
-andy

Talisker Security Tools Directory
http://www.securitywizardry.com

----- Original Message -----
From: "Teicher, Mark (Mark)" <teicher () avaya com>
To: <focus-ids () securityfocus com>
Sent: Wednesday, January 07, 2004 2:39 AM
Subject: NEW Topic: Network Mapping Intrusion Detection style

Has anyone seen products that can produce a network map based on vulnerabilities, host information and types of intrusions?

NAI/SNI Ballista had a rudimentary 3-d mapping tool, but not enough to produce a nice slick diagram for an organization.

Qualys has a nice free mapping tool, but not enough to produce a detailed diagram.

Any other vendor?

/m
Current thread:
- NEW Topic: Network Mapping Intrusion Detection style Teicher, Mark (Mark) (Jan 07)
- Re: NEW Topic: Network Mapping Intrusion Detection style Andy Cuff [Talisker] (Jan 08)
- <Possible follow-ups>
- Re: NEW Topic: Network Mapping Intrusion Detection style Ron Gula (Jan 07)