Re: IPS comparison

[Mike Poor <mike () intelguardians com>]

I just got done testing a number of IPS devices using simple publicly 
available tools such as metasploit, fragroute, and bot commands.  I think 
before we start worrying about IPS systems blocking arkane, rare, and even 
zero day attacks... they need to start by blocking attacks that have been 
out since 1999!

Mike

--On Tuesday, August 30, 2005 12:01 AM +0200 Stefano Zanero 
<s.zanero () securenetwork it> wrote:

> Daniel Cid wrote:
> > This "anomaly" detection will only detect 0-day
> > exploits for known vulnerabilities.
>
> A zero-day exploit is a curious marketing thing. You suddenly redefine a
> difficult problem (catching zero-days) as a rather simpler problem
> (create signatures that actually describe the vulnerability, which is
> what any signature worth your licensing cost should do).
>
> So, presto!, you can rush up and put out some rather nice marketing
> material on it.
>
> Fact is, anomaly detection is so rare that it's almost unexistant in the
> commercial products, except for limited forms of "protocol anomaly
> detection" and for Arbor's peakflow technology.
>
> Best,
> Stefano Zanero
> ---------------------------
> Secure Network S.r.l.
> www.securenetwork.it
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------