Intrusion Detection Systems mailing list archives

Re: Mod FWD


From: Keiji Takeda <keiji () sfc keio ac jp>
Date: Thu, 07 Sep 2000 10:06:46 +0900

Hi,

I recently tested several IDSs on the market for an article in a
Japanese magazine and think this is a good chance to talk about my recognition.

Packet reassembly has been one of the hot issues in network-based IDS for a long time.
Today, in my feeling, it has become one of the requirements of an NIDS product.

When I did the test, all the IDSs I could get handled fragmented IP packets and
TCP segments.
The notorious RealSecure nicely reassembles packets in its version 5.0.
It seems that the product has no weakness anymore, as well as other products
that have good names.

I'd like to be fair, so please give me your feedback.

P.S. Even my tiny free IDS, Packet Monster (pakemon), does it now! ;)  

Marcus J. Ranum san wrote on Wed, 06 Sep 2000 10:22:35 -0400:
> By the way, are there still IDS out there that don't do TCP
> reassembly and defragmentation? It's the 21st century, now,
> surely we've gotten past the basics! ;)



Keiji Takeda ( http://www.sfc.keio.ac.jp/~keiji/ )

