Intrusion Detection Systems mailing list archives
Re: BlackICE IDS
From: mjr () nfr net (Marcus J. Ranum)
Date: Sun, 05 Dec 1999 22:06:57 -0500
Greg Shipley writes:
2. I would encourage anyone who is doing testing to get as close to REAL traffic as possible.
As a vendor, let me comment that Greg's 100% right! We tell our customers the same thing. You gotta see what'll work in your live environment because it's going to be different than a lab. You might install an IDS that does reassembly and state tracking and discover that it doesn't work right because your internal routing is messed up (accidentally or deliberately). You might discover all kinds of weirdnesses that would never appear in a contrived lab environment - some good, some bad. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: BlackICE IDS, (continued)
- Re: BlackICE IDS Robert Graham (Dec 04)
- Re: BlackICE IDS Robert Graham (Dec 04)
- Re: BlackICE IDS Greg Shipley (Dec 05)
- RE: Network Utilization discussion... Ryan M. Ferris (Dec 06)
- Re: RE: Network Utilization discussion... Misha (Dec 06)
- IDS Dafunquia, Facundo (Dec 07)
- Re: IDS Trevor Schroeder (Dec 07)
- Re: RE: Network Utilization discussion... Ron Gula (Dec 07)
- Half-Assed Review site Troy Billington (Dec 28)
- Half-Assed Review site Troy Billington (Dec 28)
- Re: BlackICE IDS Marcus J. Ranum (Dec 05)
- Re: BlackICE IDS -reply mht () clark net (Dec 06)
- Re: BlackICE IDS pingman (Dec 06)
- RE: BlackICE IDS Bill Royds (Dec 06)
- Sharing Information [Was: BlackICE IDS] John S Flowers (Dec 06)
- new subscriber... Bernard Clairmont (Dec 07)
- Re: Sharing Information [Was: BlackICE IDS] Ron Gula (Dec 07)
- ISS RealSecure upgrade problem Xiong Shao Jun (Dec 07)
- Re: ISS RealSecure upgrade problem Jackie Chan (Dec 08)
- RE: new subscriber Jeff Oliver (Dec 08)