IDS mailing list archives

Re: IPS Vendor Evasion

From: Stefano Zanero <s.zanero () securenetwork it>
Date: Thu, 04 Jan 2007 20:25:29 +0100

Tim Holman wrote:

Probably, but then no IDS/IPS is ever going to offer you 100% protection
(ie you need defense in depth), so should such a list _really_ matter?


Totally correct. If you add that IPS products (as well as most IDS
products) are fundamentally misuse-based, they will likely miss any new
attack, or specific attack against your own applications, this becomes
even more academic.

This is not an excuse for lame products, and HD and co. made a very very
good presentation and nice work ;)

Stefano

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

IPS Vendor Evasion trav_2 (Jan 03)
- RE: IPS Vendor Evasion Kohlenberg, Toby (Jan 03)
- Re: IPS Vendor Evasion H D Moore (Jan 03)
- Re: IPS Vendor Evasion Tim Holman (Jan 03)
  - Re: IPS Vendor Evasion Stefano Zanero (Jan 04)
- Re: IPS Vendor Evasion Stefano Zanero (Jan 03)
- Re: IPS Vendor Evasion jeff . stebelton (Jan 03)
- <Possible follow-ups>
- Re: IPS Vendor Evasion levinson_k (Jan 03)