Re: An open question for Snort and Project Honeynet

["Matsu Kandagawa" <matsu () mailvault com>]

-----BEGIN PGP SIGNED MESSAGE-----

> Who is making a "non-detectability" claim, and in what context?  I
have 
> no reason to claim that no one has, I just haven't seen it.
>
>                                               BB


Fair enough, but I sure haven't seen anyone doing much to point out
their limitations and cataloging their points of failure. Not to metion
taking a full inventory of every respect in which your systems respond
differently from real ones. Maybe I just haven't been talking to the
right people or listening carefully enough, anybody up for a white paper
to fill everyone in?

If your sponsors haven't asked for a third-party audit of your tools and
deployed systems from an attacker's perspective, they ought to. Really
give it both barrels and see what you're left with. If the answer is
"but we have!" then in my opinion you really ought to start looking
around for that third party. Tear it down, build it up--what else are
you getting paid for.

Frankly, I'd like nothing better than to discuss more of what I had in
mind, but unfortunately my ass is so 0wned by [this space intentionally
left blank] that it seems I can't even take a shit without signing a
release form. 

M.


-----BEGIN PGP SIGNATURE-----
Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com

iQA/AwUAP3Tw7GM5xTGTuR0REQIyBACeJELn8egcz+mjNNK4q6dvnzDsXd8AoNvE
jviCR2DWn+n4/O6nU3ForiU2
=w8pq
-----END PGP SIGNATURE-----