IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: interesting paper on testing sig-based IDS

From: Richard Bejtlich <taosecurity () gmail com>
Date: Mon, 28 Feb 2005 21:32:16 -0500
On Fri, 25 Feb 2005 21:01:22 -0800, Kohlenberg, Toby
<toby.kohlenberg () intel com> wrote:

http://www.cs.ucsb.edu/~vigna/pub/2004_vigna_robertson_balzarotti_CCS04.
pdf

It seems very similar (at least at first glance) what what's been
implemented by
RFP in Whisker (the anti-IDS techniques) or in Metasploit (IDS confusion
techniques).

Have any/many of you seen this before? 


Toby,

Thanks for bringing this to my attention.  There is a lot of really
good work being done by researchers that hardly sees the light of day
outside academic circles.  Vendors are quick to claim that they've
invented some new technology, but some basic investigation can usually
find the same idea implemented by a researcher years earlier!

Sincerely,

Richard
http://www.taosecurity.com

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: