Penetration Testing mailing list archives

Re: [PEN-TEST] BlackICE
From: Jonathan Rickman <jonathan () XCORPS NET>
Date: Wed, 13 Sep 2000 13:23:38 -0400

3. I've had many instances where BlackIce has misinterpreted a traceroute
or a ping for an attack.

Frankly with all the talk on this list about "false positives" on
scanning tools on this list, I'm surprised anyone knowledgeable enough to
read this list would buy such a low rent product....just my two cents
worth though;_)

I couldn't agree more. We are currently testing BI for a writeup in our
reviews section. So far most of the review is test data regarding false
positives. For instance, BI called a standard nmap TCP connect scan a
smurf attack...then 5 minutes later it called the same scan a SYN flood.
On the third try, it reported correctly. I think its popularity is based
on the fact that it uses a few key buzzwords and ominous sounding
descriptions to make the user feel like their PC might explode if BI
wasn't running. Our testing isn't complete, but it has already earned a
negative review. @guard and ZA seem to do a much better job.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

