focus-ids: IDS mailing list archives

RE: SourceFire RNA
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 2 Dec 2003 10:46:48 -0500

The answer to this is simple.  All machines make some kind of noise on the
network, from an IDS-centric view.  If the machine doesn't have any
interaction, ever, with anything, then it's not really important from the
IDS point of view, because it can't be breached WITHOUT interaction.  Even
if the first traffic involving that machine is an attack or scan, at that
point the machine becomes at least as visible to the IDS as it is to the
attacker.

-----Original Message-----
From: Lior Tal [mailto:lior () us-path com] 
Sent: Tuesday, December 02, 2003 5:58 AM
To: focus-ids () securityfocus com
Subject: SourceFire RNA




Hi,
Did anyone have a chance to evaluate the RNA published on the
SourceFire web site? From what I could understand, they claim
that by passive traffic analysis the RNA can trace every
network device, service and open port within a network. It is
difficult for me to understand how passive traffic
analysis can detect inactive devices and services which do not
transmit any network traffic. Can anyone help figure that
one out?

Lior
US-Path Inc.
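
The point argued in the reply above, that a host or service becomes visible to a passive sensor the moment it answers anything, shown as an added example that is not part of the original thread and is not Sourcefire's RNA code. The packet tuples are constructed sample data, and `build_inventory` and the `192.0.2.` local prefix are hypothetical names chosen for this sketch.

```python
from collections import defaultdict

SYN, ACK, RST = 0x02, 0x10, 0x04  # TCP flag bits

# Constructed observations: (src, sport, dst, dport, tcp_flags).
# Addresses come from the documentation ranges; none are real hosts.
PACKETS = [
    # Ordinary client/server traffic inside the monitored network
    ("192.0.2.10", 40000, "192.0.2.20", 80, SYN),
    ("192.0.2.20", 80, "192.0.2.10", 40000, SYN | ACK),
    ("192.0.2.10", 40000, "192.0.2.20", 80, ACK),
    # A previously silent host is probed from outside and answers
    ("198.51.100.7", 51000, "192.0.2.30", 22, SYN),
    ("192.0.2.30", 22, "198.51.100.7", 51000, SYN | ACK),
    ("198.51.100.7", 51001, "192.0.2.30", 23, SYN),
    ("192.0.2.30", 23, "198.51.100.7", 51001, RST | ACK),
    # A probe to an address that never sends anything back
    ("198.51.100.7", 51002, "192.0.2.40", 22, SYN),
]


def build_inventory(packets, local_prefix="192.0.2."):
    """Build a host/port map purely from observed traffic.

    A local address is confirmed as a host only once it is seen sending.
    A SYN+ACK it sends marks the source port open, an RST marks it closed.
    Addresses that were only ever a destination stay unconfirmed.
    """
    hosts = defaultdict(lambda: {"open": set(), "closed": set()})
    unconfirmed = set()
    for src, sport, dst, dport, flags in packets:
        if dst.startswith(local_prefix) and dst not in hosts:
            unconfirmed.add(dst)          # targeted, but has not spoken yet
        if not src.startswith(local_prefix):
            continue                      # only inventory the monitored network
        unconfirmed.discard(src)          # it sent a packet, so it exists
        entry = hosts[src]
        if flags & SYN and flags & ACK:
            entry["open"].add(sport)      # the service accepted a connection
        elif flags & RST:
            entry["closed"].add(sport)    # the host is up, the port refused
    return dict(hosts), unconfirmed
```

Host 192.0.2.30 enters the inventory, with port 22 open and port 23 closed, only because it replied to the outside probes; 192.0.2.40 never transmits and so remains an unconfirmed address rather than a known host.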
