IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: A Network IPS Proposal (was Definition of Zero Day Protection)

From: Johnny Calhoun <jcalhoun () lurhq com>
Date: Mon, 16 Aug 2004 09:45:23 -0400
On Thursday 12 August 2004 20:35, Shaiful wrote:

similar pattern


How do you define "similar pattern"?
Detecting similar patterns/signatures is trivial if the signature is known in 
advance, but how do you know if something is "similar" before it even 
happens?

And if it is KNOWN then it probably already has a signature right?

Anomaly based Intrusion Detection/Prevention is very complex, much more 
complex than just trapping traffic and predicting similar patterns.  

-- 
Johnny Calhoun, GCIA
Information Security Analyst
LURHQ
843-903-4376 opt2
jcalhoun () lurhq com

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: