Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: IDP/IDS
From: "Albert R. Campa" <abcampa () gmail com>
Date: Mon, 13 Sep 2010 14:27:37 -0500

I seem to recall VRT putting out a blog post of the reasoning for their
signature creation methods. Write to block the vulnerability vs exploit? I
cant seem to find it.

This is brought on by ISS selling their "non signature" based model, which
enables them to have a signature that blocks the adobe 0day since 2008,
whereas Snort just recently created a sig for it.

17233 <-> SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table
parsing remote code execution attempt



__________________________________
Albert R. Campa


On Mon, Sep 13, 2010 at 1:58 PM, Juan Cortes <juanccortester () gmail com>wrote:

We are currently evaluating both sourcefire n tippingpoint. Love snort so
we r biased but we r testing both. We currently have shitty-iss.

On Sep 13, 2010 12:36 PM, "Carlos Perez" <carlos_perez () darkoperator com>
wrote:

I'm biased to Tippingpoint and SourceFire, hate McFee models

Sent from my iPhone


On Sep 13, 2010, at 12:30 PM, Craig Freyman <craigfreyman () gmail com>
wrote:

Budget time, need to...

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldo   


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault