Re: [Dailydave] For those of you that don't know....

From: ric k (cygnus.0ffgmail.com)
Date: Tue Dec 14 2004 - 00:24:21 CST


hi guys,
jumped in late. but yes i agree with david. i've worked with
tippingpoint's box and after some analysis could easily conclude that
tippingpoint has an intuitive gui but when it comes to actually
detecting some advanced things, i was disappointed. i don't really
think that they are doing protocol decoding at all!!
it's very easy to 'play' with the tippingpoint box and evade it.

\cyg

On Mon, 13 Dec 2004 15:24:42 -0500, Maynor, David (ISS Atlanta)
<dmaynoriss.net> wrote:
> You should preface your last statement with "I write exploits for a
> living so I don't want people to buy a solution that actually stops
> them."
>
> You can't say with a straight face they were doing better than everybody
> else in the market, they are evaded by simple RPC fragmentation, even
> SNORT catches that. ImmunitySec's own Canvas CRI turns it into swiss
> cheese, from what I hear.
>
> What other NIPS/HIPS vendors are you speaking of? As far as I know Willy
> Wonka got his Ompalompa's on spyware research now so the list of NIPS
> that tippingpoint is better than has dropped a bit.
>
>
>
> -----Original Message-----
> From: Sinan Eren [mailto:sinan.erenimmunitysec.com]
> Sent: Monday, December 13, 2004 2:39 PM
> To: Maynor, David (ISS Atlanta)
> Cc: dailydave
> Subject: Re: [Dailydave] For those of you that don't know....
>
> > Who knew PCRE was worth that much?
>
> Compared to other marketed NIDS/NIPS tippingpoint was doing a much better
> job. So it did not surprise me much.
>
> Same could be said for Determina being so much better than all the other
> marketed HIPS out there. So i expect to see some big acquisition in that
> too.
>
> I would personally pick tippingpoint and determina if i was in a CSO
> or similar position. So standing from a technical point of view I would
> endorse both of these products.
>
> cheers,
> Sinan
>
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> https://lists.immunitysec.com/mailman/listinfo/dailydave
>