IDS mailing list archives
RE: Intrusion Prevention
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 11 Dec 2002 15:51:39 -0600
On Wed, 2002-12-11 at 14:30, Matthew L. McGuirl wrote:
ActiveScout's whole approach to the issue of reducing false positives is to assume that all attacks occur after a reconnaissance effort has been conducted. While this is certainly true in many cases it is unlikely that _all_ attacks follow recon.
... or that all attacks are coming from the same source IP address. Anyone that, during a pen test, scans the target from the same IP address that he performs attacks from, should seriously revisit his pen-test methodology. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: Intrusion Prevention, (continued)
- RE: Intrusion Prevention Avi Chesla (Dec 09)
- Re: Intrusion Prevention Jill Tovey (Dec 09)
- Re: Intrusion Prevention Frank Knobbe (Dec 10)
- RE: Intrusion Prevention Adam Powers (Dec 10)
- RE: Intrusion Prevention Ralph Los (Dec 10)
- Re: Intrusion Prevention Vern Paxson (Dec 10)
- RE: Intrusion Prevention Chris Petersen (Dec 11)
- Intrusion Prevention Johnny Kho (Dec 23)
- RE: Intrusion Prevention Robert_Huber (Dec 11)
- RE: Intrusion Prevention Matthew L. McGuirl (Dec 11)
- RE: Intrusion Prevention Frank Knobbe (Dec 11)
- RE: Intrusion Prevention Carey, Steve T GARRISON (Dec 23)
- Re: Intrusion Prevention Dave Mitchell (Dec 23)
- Re: Intrusion Prevention Randy Taylor (Dec 24)
- Re: Intrusion Prevention Dave Mitchell (Dec 23)
- Re: Intrusion Prevention Rick Williams (Dec 27)
- OSEC [WAS: Re: Intrusion Prevention] Greg Shipley (Dec 29)
- NSS (was Re: Intrusion Prevention) Randy Taylor (Dec 30)