IDS mailing list archives

Re: Intrusion Prevention


From: Karl Lynn <klynn () stackheap org>
Date: Wed, 11 Dec 2002 14:35:33 +0000 (GMT)

Their product seems to be based on initial recon and only then
does it make a decision to thwart the event.  So, let's say you
have 2 shell accounts: one does the recon, the other does the actual
attack, both on totally different networks.  I'm wondering how this would
affect this product.  I haven't personally evaluated ActiveScout, but to
make claims of 100% no false positives is a very bold statement, and
usually to mitigate the false positives of any IDS there must be some sort
of tuning involved with the product.  Anyhow, it looks like you send some
recon and this product intercepts it and sends back "valid" information
which is called a "mark"; then if ActiveScout sees this "mark", it blocks
the attack.  I'm curious as to how they are going to mark an attack in
which they have no idea what I'm sending.  Even more so, like I stated above,
using two totally different networks, one for recon and the other for the
actual compromise.  Just some thoughts...

-Karl

On Thu, 5 Dec 2002 intrusi0n () cox net wrote:

Hello everyone,

Has anyone here seen or used ActiveScout, by ForeScout Technologies? It claims to have 100% accuracy, no false
positives. I am rather skeptical, but I was wondering if anyone here has any expertise using or evaluating this.

Any input is greatly appreciated!

()()()()()