Dailydave mailing list archives

RE: For those of you that don't know....

From: "Maynor, David (ISS Atlanta)" <dmaynor () iss net>
Date: Mon, 13 Dec 2004 16:06:13 -0500

Thats just stupid to claim that i am trying to deceive people on the 
list for my own agenda. I am not.


It was a joke because for the life of me I can't understand why you
would recommend something that is trivial to evade.

You can't say with a straight face they were doing better than

everybody

else in the market, they are evaded by simple RPC fragmentation, even
SNORT catches that. ImmunitySec's own Canvas CRI turns it into swiss
cheese, from what I hear.

Yeah its probably true that they dont handle application level 
fragmentation but who else does without actually sitting on the host ?


There are two other vendors I can think of off the top of my head.

From what i hear Tippingpoint in its class (hardware solution that sits

as

a border perimeter) is the only HIPS that its customers can actually

run

in prevention mode. All others i have seen are almost in "learning" or 
"warning" or "HIDS" mode.


It sounds like you are confusing the IPS space with behavior based or
"anomaly based IPS." They are two different things.

What other NIPS/HIPS vendors are you speaking of? As far as I know

Willy

Wonka got his Ompalompa's on spyware research now so the list of NIPS
that tippingpoint is better than has dropped a bit.

why dont you give us a sales pitch of your dear product so that we can

all

kick back and chill ...


I will right after you tell me what Tippingpoint is better at doing than
other vendors?


-----Original Message-----
From: Sinan Eren [mailto:sinan.eren () immunitysec com] 
Sent: Monday, December 13, 2004 2:39 PM
To: Maynor, David (ISS Atlanta)
Cc: dailydave
Subject: Re: [Dailydave] For those of you that don't know....

Who knew PCRE was worth that much?


Compared to other marketed NIDS/NIPS tippingpoint was doing a much
better 
job. So it did not suprise me much.

Same could be said for Determina being so much better than all the

other


marketted HIPS out there. So i expect to see some big acquisition in
that 
too. 

I would personally pick tippingpoint and determina if i was in a CSO 
or similar position. So standing from a technical point of view I

would

endorse both of these products.

cheers,
Sinan


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: For those of you that don't know...., (continued)
- - - Re: For those of you that don't know.... Gadi Evron (Dec 13)
    - Re: For those of you that don't know.... Sinan Eren (Dec 13)
- RE: For those of you that don't know.... Maynor, David (ISS Atlanta) (Dec 13)
  - RE: For those of you that don't know.... Sinan Eren (Dec 13)
  - Re: For those of you that don't know.... ric k (Dec 13)
- RE: For those of you that don't know.... kquest (Dec 13)
- RE: For those of you that don't know.... Clemens, Dan (Dec 13)
- RE: For those of you that don't know.... Maynor, David (ISS Atlanta) (Dec 13)
  - RE: For those of you that don't know.... pageexec (Dec 13)
- RE: For those of you that don't know.... Maynor, David (ISS Atlanta) (Dec 13)
- RE: For those of you that don't know.... Maynor, David (ISS Atlanta) (Dec 13)
  - RE: For those of you that don't know.... Sinan Eren (Dec 13)
- RE: For those of you that don't know.... Rodney Thayer (Dec 13)
  - RE: For those of you that don't know.... Ron Gula (Dec 13)
- RE: For those of you that don't know.... Maynor, David (ISS Atlanta) (Dec 13)
- RE: For those of you that don't know.... Maynor, David (ISS Atlanta) (Dec 13)
  - Re: For those of you that don't know.... Dave Aitel (Dec 13)
- RE: For those of you that don't know.... Rodney Thayer (Dec 13)
- RE: For those of you that don't know.... Maynor, David (ISS Atlanta) (Dec 13)
- Re: For those of you that don't know.... peyote (Dec 13)
- For those of you that don't know.... dunz krispy (Dec 13)

(Thread continues...)