Re: NIDS Patent

[stuart () SiliconDefense com (Stuart Staniford)]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

turnere wrote:

> I was just doing a patent search from within the US Patent and Trademark
> Office's database, and found the following patent:
>
>  United States Patent
>
> 5,796,942
>  Esbensen

Thanks for drawing this to our attention.  One can find the whole thing by
going to  

http://164.195.100.11/netahtml/srchnum.htm

and searching for 5,796,942

Indeed, this appears to be a patent that, if valid, would pre-empt just
about any signature based network intrusion detection system.

I am unable to see how the patent claims embody any features that weren't
already present in Todd Hebelein's papers on the Network Security Monitor
in the late '80s and very early '90s.  As far as I know, NSM was the first
NIDS.  Becky Bace's book says the same thing. 

I've cc:d Dan Esbensen and Todd Heberlein.  Dan - did you really invent
network intrusion detection before anyone else?  Why didn't you file till
1996?

See also:

http://www.ttinet.com/doc/security.html

Does anyone know if Computer Associates has tried to enforce this patent?

Stuart.

P.S. To anyone else who's reading this - please, please don't file any more
patents in the intrusion detection field.  All it does is cloud the field
and slow down progress.  

-- 
Stuart Staniford  ---  President  ---  Silicon Defense
                   stuart () silicondefense com
(707) 445-4355                     (707) 445-4222 (FAX)