IDS mailing list archives

RE: TippingPoint Releases Open Source Code for First Intrusion Prevention Test Tool, Tomahawk
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 4 Nov 2004 08:48:07 -0500

Oh, I have to disagree with this, and for a one-word reason: "open".
Because it's an open-source tool, everyone can look into it and see how it
works.  For example, before I'd even started reading this thread, Martin
Roesch had chimed in with his own assessment of how it works.  So if it's
geared towards making any one vendor look better than all the others...well,
they'd get caught at it right off, and it would have the opposite effect.
(For example: the infamous Mier Labs testing of an Intrusion.com product
some years ago, using ridiculously unrealistic network traffic.)

And also worth pointing out is that unlike the RDBMS example listed below,
TippingPoint isn't even saying that their product is better with this tool.
For that matter, they aren't making any claims at all; their release could
just as easily have come from any researcher with no vendor ties, without
being any different.  They're only saying, "hey, this is a rapidly-growing
technology, and there aren't any real tools for non-vendors to validate
products...here's something we've come up with to get the ball rolling in
that direction."  I have to applaud this, and wonder what motivates one of
their competitors to reflexively slam it for logically incorrect reasons.

-----Original Message-----
From: Mitchell Ashley [mailto:mitchell () stillsecure com] 
Sent: Tuesday, November 02, 2004 12:57 PM
To: focus-ids () securityfocus com
Subject: RE: TippingPoint Releases Open Source Code for First Intrusion Prevention Test Tool, Tomahawk


Let's face it, any "open" IPS testing tool released by any IPS 
vendor will have little industry or customer credibility. 
This is reminiscent of the early RDBMS days when the vendors 
created their own proprietary benchmarks. They had little 
credibility until the benchmark tests were defined, specified 
and improved by industry standards groups. 

Caveat emptor.

. . .
Mitchell Ashley
CTO
StillSecure

303-881-9353 Mobile
303-381-3880 Fax

www.stillsecure.com
Reducing your risk has never been this easy.
. . .
The information transmitted is intended only for the person 
to which it is addressed and may contain confidential 
material. Review or other use of this information by persons 
other than the intended recipient is prohibited. If you've 
received this in error, please contact the sender and delete 
from any computer. 


-----Original Message-----
From: Clemens, Dan [mailto:Dan.Clemens () healthsouth com] 
Sent: Tuesday, November 02, 2004 8:17 AM
To: Kyle Quest; focus-ids () securityfocus com
Subject: RE: TippingPoint Releases Open Source Code for First Intrusion Prevention Test Tool, Tomahawk


 

      >What we need... is Snort for IPS/IDS/Firewall 
      >testing, which would be advanced by the security 
      >community and not by a commercial company whose 
      >business interests are in conflict with the purpose 
      >of the tool. 


      That's just my take on it... 


      - Kyle, Don't forget the 'snort' folks have just as 
much of a vendor presence as TippingPoint or any other IDS 
vendor. TippingPoint _may_ be trying to encourage use of 
their tool for IDS evolution as a whole  much like snort has 
yet still has hopes they will get some benefit from their free tool.

      Now do you have any pcaps to contribute to snort or the 
rest of us packetninjas?

      -Dan


Confidentiality Notice: This e-mail communication and any 
attachments may contain 
confidential and privileged information for the use of the 
designated recipients named above. If 
you are not the intended recipient, you are hereby notified 
that you have received this 
communication in error and that any review, disclosure, 
dissemination, distribution or 
copying of it or its contents is prohibited. If you have 
received this communication in 
error, please notify me immediately by replying to this 
message and deleting it from your 
computer. Thank you.

