Re: Network & Systems Cloaking Tool

[Tommy <tommy () secure sh>]

Hey,

LOL, yes, the site is currently geared towards the following communities: 
- endorsers (such as FBI, CIA, NSA, ICANN, etc)
- buyers (collect orders for factoring credit)
- investors (VC money to start production)

The techie in me is dying to share the technology, how it works, but the business person in me also wants to build a 
business, and that's what we filed patents for to protect the technology (it is proprietary), so unfortunately I cannot 
disclose the "juicy" stuff y'all are looking for. I believe in the Open Source model, but open source was not used to 
develop this system. It's break-through cloaking technique however works very well with IDS systems, and Snort is 
surely one of the best (we are using & implementing it), and that's why I ran it through the list. Feedback on the 
functionality is, however, most welcome!

The box has been tested and it works, actually extremely well, without any configuration, and as you can see, you will 
all soon have a chance to test it 'live' over the internet, or see it in person and perform cloaking/scanning and/or 
DDoS attacks on site.

On a side note: so far I have gone through a lot of pain to bring the product thus far, and it makes me feel good that 
it sparks curiosity in the tech community. It is always fun to see people (who understand the challenges and the 
imbedded technology) test it and say "WOW!!" ;-)

Thanks for your time,
Thomas

At 11:53 AM 11/8/2002, twig les wrote:
> Now I'm curious.  I looked at the site, but it seems a
> bit geared toward management.  Exactly how does this
> box decide what traffic is legit and what isn't?  This
> has been the crux of the computer security world's
> problem since the get-go.  I understand the whole
> do-it-in-asic part for wire speed, but the black box
> thing is a tough for me to trust.  Is there a more
> detailed doc about this?  Sorry to hammer you, but
> this is an open-source list you're posting to.
>
>
>
> --- Tommy <tommy () secure sh> wrote:
> > At 06:51 PM 11/6/2002, <hackerwacker () cybermesa com>
> > wrote:
> > > No box can protect against a DoS, if it sits at the
> > customer end of a pipe, and the DoS is filling the
> > pipe. 
> >
> >
> > Hello hackerwacker,
> >
> > as you know, there are two different types of DDoS
> > attacks:
> > 1) flood the pipe
> > 2) attack on application level
> >
> > The bandwidth flooding DDoS attacks are fairly easy
> > to catch with QoS stuff (or iSecure), and should be
> > caught upstream if targeted against a
> > small-bandwidth connection. Even though iSecure also
> > defends against this type of attack, the key feature
> > is defense against application-level DDoS attacks,
> > and not shutting the pipe down (same effect as
> > DDoS), but determination which is "good" traffic
> > (passes), and which is "DDoS" traffic (stopped).
> > This application-level attack is the more
> > devastating, and the most difficult to combat - and
> > this is what iSecure does:
> > http://www.dos-protection.com/html/dos___ddos.html
> > There is a lot of money being spent on the
> > development of other DDoS Defense systems (~$300m so
> > far), and there are some in the market, all of which
> > according to a review by DDoS World in NW Fusion
> > have significant drawbacks, are hard to configure,
> > and/or simply do not work (such as: Sync4 crashes
> > the DDoS Defense system). iSecure does not require
> > any configuration (black box concept) and works
> > against all flooding and application-type DDoS
> > attacks as an inline scanner, successfully
> > eliminating DDoS attacks in real-time, while letting
> > "good" (desireable) traffic pass - and without
> > bandwidth reduction.
> >
> > Its other feature is the network & systems cloaking,
> > which is truly unique (I know of no other system
> > which does that), and which in conjunction with an
> > IDS system can allow for more effective detection &
> > traces, as it forces the attacker to log all ports
> > in the scan range (or all 65,535) twice - while
> > logging all as being 'open' and then to generate the
> > list of "interesting ports" - i.e. the same, slowing
> > down the probe dramatically. This is why I wanted to
> > run it by the Snort community. Even NMAP can't
> > figure out whats behind the system. More at:
> > http://www.dos-protection.com/html/cloaking.html
> >
> > Thanks for your time,
> > Thomas
> >
> >
> > Thomas J. Ackermann
> > Mobile: 214-403-5368
> >
> > Melior, Inc. ---  Perfectionists At Work. (TM)
> >
> > Internet Infrastructure & Security Architects
> > in  Dallas,Silicon Valley, Los Angeles, Houston, New
> > York, India
> > www.meliorinc.com
> >  
> > Tel: (888) 4 MELIOR     
> > Fax: (888) TO FAX US
> >
> > This email is intended for the addressee only.  
> > The material may be privileged and may contain
> > confidential information.  
> > If you have received this email in error, please
> > notify Melior, Inc. immediately 
> > by email and delete the original.  Thank you!
>
>
> =====
> -----------------------------------------------------------
> If you give a man a fish, he can eat for a day
> If you bludgeon him to death, you can eat the fish yourself                       
> -----------------------------------------------------------
>
> __________________________________________________
> Do you Yahoo!?
> U2 on LAUNCH - Exclusive greatest hits videos
> http://launch.yahoo.com/u2 



-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users