Intrusion Detection Systems mailing list archives

RE: IDS Comparison


From: vin () shore net (Vin McLellan)
Date: Wed, 08 Mar 2000 02:23:22 -0500




         Robert Graham <robert_david_graham () yahoo com> wrote:

OC-12 / STM-4 = 622 Mbit/s simplex, 1.244 Gbit/s duplex

        <snip>

it's beginning to look like BlackICE can keep up with OC12 as well.
BlackICE is very, very fast, and I'm pretty sure it is the fastest IDS.

        David Newman <dnewman () networktest com> responded:

Much as I'm enjoying the current flamefest, would you kindly either put up
independent verification of such claims, or refrain from making them? Not to
single out Network ICE, but the many claims and counterclaims made in 
recent days are misleading, even to the learned readers of this list.

        Simple and straightforward demand.  

        It would also be really useful to have someone other than the
vendors step into this, David.  Why not you?  

        [You can't just toss out the (not unexpected) accusation that some
of these vendor CTOs are <ahem> perhaps exaggerating slightly... and then not
even mention who you think is pumping gas, and on what topic.  

        There is such a thing as being above the fray -- but it's bad form
(tm) to piss on everyone when some guy gets you mad.  Gives him/them a
chance for a reply too, to the edification of us all.]
      
        Current test-lab reports would be very much appreciated.  

        Other first-hand reports of products currently in the market (as
opposed to products to ship RSN)  -- from people other than the vendors --
would also be appreciated by the readers here.   

        Anyone play with the Latest and Greatest from NFR?  ISS?  Count the
sigs?  Anyone consider deactivating X percent of attack sigs because they
are not relevant to the particular site where they are being installed?  

        Anyone using round-robin load-balancing, load mirroring, or some
per-service sort/filter to distribute the packets from a big pipe among
multiple IDS sensors?  

        Suerte,
                        _Vin

 PS.   Although there may have been <gasp> inflated claims or promises,  I
gotta say that the 100 pages of this "comparisons" thread have been a vastly
informative treasure trove.   Would that all infosec forums had anything
like this signal to noise ratio!!!  The blood on the floor (vendors bleed
ink, didn't you know) is a small price to pay;-)


