IDS mailing list archives
Re: Current state of Anomaly-based Intrusion Detection
From: Thomas Ptacek <tqbf () arbor net>
Date: Thu, 3 Mar 2005 13:08:32 -0500
On Mar 1, 2005, at 2:17 PM, Gunnoe, Jason wrote:
> I have seen large ISPs implement anomaly technologies on internet backbones, but typically, they are only useful for identifying large-scale malware disruptions before they happen. They always give the Slammer example, which is what, 4 years old now...
The Slammer example is usually given because it was one of the hardest attacks in the last 2 years to defend against, and one of the most damaging.
I'm not sure whether you're trying to imply that these detection capabilities "weren't up to the task" of detecting Sasser. If that's your point, why don't you take a minute to justify it?
---
Thomas H. Ptacek // Arbor Networks
(734) 327-0000