Re: Cisco NetRanger

[gshipley () neohapsis com (Greg Shipley)]

On Wed, 6 Oct 1999 SGariepy () quebectel-ami com wrote:

> What does that mean exactly, does that mean that NS NetRanger has NT
> related security check or just
> that it will work on the NT HPOV  ?

That it will work on NT HP OpenView...and a little more.  HP is also
(supposedly) unveiling a version of the NetRanger sensor for NT.  
NetRanger is network-based IDS, so it does have "NT checks" - but from a
network level.  (it will detect you trying the Windows Out of Band DoS
attack - aka Winnuke - the ping of death, IIS attacks, etc.)

Basically, it means that you can run the two components of NetRanger on
NT: the director (via HP OpenView) and the sensor.  It has little if not
nothing to do with NT-specific checks.  The attack signatures, at least
this is my understanding, are the same: The NetRanger NT version from HP,
and the NetRanger appliance version from Cisco, in theory, should have the
same signature checks.....
 
Incidently, I spoke with the Mitre folks today and the CVE ("Common
Vulnerability and Exposure") list is online now at: http://cve.mitre.org.
It's a list of agreed upon attack names and definitions across vendors - a
good move, IMHO, for IDS and vulnerability assessment vendors.  Apparently
they agreed on some 600 some vulnerabilities, but only 300 some are up
there right now (otheris will follow).

> Is there any information avalaible somewhere about what NetRanger support
> as attack recognition ?  It would be helpful in an IDS evalutation...

I'm not sure if I understand this question, but my understanding is that
the NetRanger version marketed by HP is just an "NT version" of the
NetRanger appliance marketed by Cisco - targeted at more NT-centric
shops....but that's not from the horses mouth, so....  :)

-Greg