Re: [PEN-TEST] BlackICE
From: Jonathan Rickman <jonathan () XCORPS NET>
Date: Wed, 13 Sep 2000 13:23:38 -0400
> 3. I've had many instances where BlackIce has misinterpreted a traceroute
> ping for an attack.
> Frankly with all the talk on this list about "false positives" on
> tools on this list, I'm surprised anyone knowledgeable enough to read this
> would buy such a low rent product....just my two cents worth though;_)

I couldn't agree more. We are currently testing BI for a writeup in our
reviews section. So far most of the review is test data regarding false
positives. For instance, BI called a standard nmap TCP connect scan a
smurf attack...then 5 minutes later it called the same scan a SYN flood.
On the third try, it reported correctly. I think its popularity is based
on the fact that it uses a few key buzzwords and ominous-sounding
descriptions to make the user feel like their PC might explode if BI
wasn't running. Our testing isn't complete, but it has already earned a
negative review. @guard and ZA seem to do a much better job.
X Corps Security