Re: BlackICE IDS

[pingman () post1 com (pingman)]

mjr and folks

i am in the midst of getting a multisegment ids system, and have read
through this thread.

as a customer, i must say i am confuse on which one to settle with now.

is it that all ids ain't ready at present.

i know it is all up to one's individual decision. nevertheless, any comments
from the experts?

cheers
al

----- Original Message -----
From: "Marcus J. Ranum" <mjr () nfr net>
To: "Greg Shipley" <gshipley () neohapsis com>; "Robert Graham"
<robert_david_graham () yahoo com>
Cc: "John S Flowers" <jflowers () hiverworld com>; <ids () uow edu au>
Sent: Monday, December 06, 1999 11:06 AM
Subject: Re: IDS: BlackICE IDS

> FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
> IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> HELP: Having problems... email questions to ids-owner () uow edu au
> NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> SPAM: DO NOT send unsolicted mail to this list.
> --------------------------------------------------------------------------
-
> ---
> Greg Shipley writes:
>
> > 2. I would encourage anyone who is doing testing to get as close to REAL
> > traffic as possible.
>
>
> As a vendor, let me comment that Greg's 100% right! We tell our
> customers the same thing. You gotta see what'll work in your
> live environment because it's going to be different than a lab.
> You might install an IDS that does reassembly and state tracking
> and discover that it doesn't work right because your internal
> routing is messed up (accidentally or deliberately). You might
> discover all kinds of weirdnesses that would never appear in a
> contrived lab environment - some good, some bad.
>
> mjr.
> --
> Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
> work - http://www.nfr.net
> home - http://www.clark.net/pub/mjr