IDS: RE: ForeScout ActiveScout (was: Re: Intrusion Prevention)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

RE: ForeScout ActiveScout (was: Re: Intrusion Prevention)

From: "Matthew L. McGuirl" <mmcguirl () lucidsecurity com>
Date: Tue, 17 Dec 2002 12:48:27 -0500

They "shine" because as far as I can tell, they're correlating their own data with their own data. This magical "mark" 
they stamp on the prober is unlikely to be more than something like a dummy username & password combination that gets 
stored in their database. When their IDS module sees a packet come in bearing this dummy data they can detect it 
regardless of its source IP. I must be missing something if they're serious when they claim to be able to detect a 
"mark" returning without examining the payload of the packets.

If I'm wrong, please elucidate.

Happy Holidays to All,

Matt

Matt McGuirl                                
Software Support Engineer             
Lucid Security Corporation            
Email: mmcguirl () lucidsecurity com

Attachment: Matt McGuirl.vcf
Description: Matt McGuirl.vcf

By Date By Thread

Current thread:

RE: ForeScout ActiveScout (was: Re: Intrusion Prevention), (continued)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dudley, Brian (ISS Chicago) (Dec 16)
  - RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Karl Lynn (Dec 16)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Frank Knobbe (Dec 17)
  - RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Omar Herrera (Dec 17)
- RE: ForeScout ActiveScout (was: Re: Intrusion Prevention) Matthew L. McGuirl (Dec 17)
  - Re: ForeScout ActiveScout (was: Re: Intrusion Prevention) Dug Song (Dec 17)