Intrusion Detection Systems mailing list archives

Re: IDS Comparison


From: mjr () nfr net (Marcus J. Ranum)
Date: Sat, 04 Mar 2000 12:47:08 -0500



Jackie Chan wrote:
The truth is that
RealSecure WILL alert that Fragmented packets are going through, from
what source, and to what destination.

Oh, that's really sophisticated IDS! :)
            ------

So it'll tell you about frags but not what kind of attack - what
if there's _no_ attack, just frags? Could a bad guy do a denial
of service on the IDS by just doing normal web traffic over frags,
until the administrator gave up in disgust because of all the
false alarms? Does it leave re-assembling the frags to check for
attacks as an "exercise for the administrator"?

That's profoundly lame. And it's only twice as expensive as the
better products on the market! :)

Obviously I'm biassed, but, geeze, people, open your eyes and
smell the unpleasant odor wafting from the crap you've been buying!

mjr.
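
The distinction argued over in this message, as an added illustration (not code from the post, from NFR or from RealSecure): a detector that alerts on every fragment versus one that reassembles the datagram and only then checks content. The fragment model, addresses and signature are constructed, offsets are in bytes rather than 8-byte units, and the "later fragment overwrites overlap" policy is an assumption.

```python
from collections import defaultdict
from typing import NamedTuple

class Frag(NamedTuple):      # constructed, simplified model of an IPv4 fragment
    src: str
    dst: str
    ip_id: int               # IP identification field shared by all pieces
    offset: int              # byte offset of this piece in the datagram
    more: bool               # MF (more fragments) flag
    data: bytes

SIGNATURE = b"/constructed/bad-path"   # hypothetical signature, not a real rule

def split(src, dst, ip_id, payload, size=8):
    """Build constructed sample fragments from one payload."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)]
    return [Frag(src, dst, ip_id, i * size, i < len(chunks) - 1, c) for i, c in enumerate(chunks)]

def alert_on_frags(frags):
    """One alert per fragment, with no look at what the fragments carry."""
    return [f"FRAG {f.src} -> {f.dst}" for f in frags]

def reassemble(frags):
    """Return {(src, dst, id): payload} for datagrams with no holes and a final piece."""
    groups = defaultdict(list)
    for f in frags:
        groups[(f.src, f.dst, f.ip_id)].append(f)
    done = {}
    for key, parts in groups.items():
        buf, last_seen = bytearray(), False
        for f in sorted(parts, key=lambda p: p.offset):
            if f.offset > len(buf):          # hole: keep waiting, do not guess
                break
            buf[f.offset:f.offset + len(f.data)] = f.data   # assumed overlap policy
            last_seen = last_seen or not f.more
        else:
            if last_seen:
                done[key] = bytes(buf)
    return done

def alert_on_content(frags):
    """Alert only when a reassembled datagram contains the signature."""
    return [f"SIG {src} -> {dst}" for (src, dst, _), payload in reassemble(frags).items()
            if SIGNATURE in payload]

BENIGN = split("10.0.0.5", "10.0.0.80", 1, b"GET /index.html HTTP/1.0\r\n\r\n")
SUSPECT = split("10.0.0.9", "10.0.0.80", 2, b"GET /constructed/bad-path HTTP/1.0\r\n\r\n")
```

On the benign request the per-fragment detector raises four alerts and the reassembling one raises none; on the second request no single fragment contains the signature, so only the reassembling detector reports it.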


