Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Intrusion Detection Systems: Re: IDS Comparison

Re: IDS Comparison

From: Marcus J. Ranum <mjr_at_nfr.net>
Date: Sat, 04 Mar 2000 12:47:08 -0500

Jackie Chan wrote:
>The truth is that
>RealSecure WILL alert that Fragmented packets are going through, from
>what source, and to what destination.

Oh, that's really sophisticated IDS! :)
            ------

So it'll tell you about frags but not what kind of attack - what
if there's _no_ attack, just frags? Could a bad guy do a denial
of service on the IDS by just doing normal web traffic over frags,
until the administrator gave up in disgust because of all the
false alarms? Does it leave re-assembling the frags to check for
attacks as an "exercise for the administrator"?

That's profoundly lame. And it's only twice as expensive as the
better products on the market! :)

Obviously I'm biassed, but, geeze, people, open your eyes and
smell the unpleasant odor wafting from the crap you've been buying!

mjr.
Received on Mar 04 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]