Subject: Re: IDS: IDS Comparison
From: Marcus J. Ranum (mjrnfr.net)
Date: Sat Mar 04 2000 - 11:47:08 CST



---
Jackie Chan wrote:
>The truth is that
>RealSecure WILL alert that Fragmented packets are going through, from
>what source, and to what destination.

Oh, that's really sophisticated IDS! :)

So it'll tell you about frags but not what kind of attack - what if there's _no_ attack, just frags? Could a bad guy do a denial of service on the IDS by just doing normal web traffic over frags, until the administrator gave up in disgust because of all the false alarms? Does it leave re-assembling the frags to check for attacks as an "exercise for the administrator"?

That's profoundly lame. And it's only twice as expensive as the better products on the market! :)

Obviously I'm biassed, but, geeze, people, open your eyes and smell the unpleasant odor wafting from the crap you've been buying!

mjr.
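
The contrast the message draws, alerting on every fragment versus reassembling fragments and then checking the rebuilt datagram, shown as an added example (not part of the original post, and not code from any product named in the thread). The `Frag` record, the placeholder signature and the sample traffic are constructed for illustration; offsets are in bytes for readability.

```python
from collections import defaultdict, namedtuple

# offset is in bytes here; real IPv4 headers carry it in 8-byte units.
Frag = namedtuple("Frag", "src dst ip_id offset more data")

SIGNATURES = [b"EXAMPLE-BAD-PATTERN"]  # constructed placeholder, not a real signature

def alert_per_fragment(frags):
    """One alert for every fragment seen, whatever it carries."""
    return [f"fragment {f.src} -> {f.dst}" for f in frags]

def reassemble(frags):
    """Return ({key: payload} for complete datagrams, [keys that cannot be rebuilt])."""
    groups = defaultdict(list)
    for f in frags:
        groups[(f.src, f.dst, f.ip_id)].append(f)
    complete, unresolved = {}, []
    for key, parts in groups.items():
        parts.sort(key=lambda f: f.offset)
        payload, ok = b"", True
        for f in parts:
            if f.offset != len(payload):  # gap or overlap: do not guess at the content
                ok = False
                break
            payload += f.data
        # Complete only if the last piece clears "more" and every earlier piece sets it.
        if ok and not parts[-1].more and all(f.more for f in parts[:-1]):
            complete[key] = payload
        else:
            unresolved.append(key)
    return complete, unresolved

def alert_after_reassembly(frags):
    """Alert on the content of rebuilt datagrams, plus fragment sets that cannot be rebuilt."""
    complete, unresolved = reassemble(frags)
    alerts = [f"signature {s!r} in datagram {k}" for k, p in complete.items()
              for s in SIGNATURES if s in p]
    alerts += [f"unreassemblable fragments {k}" for k in unresolved]
    return alerts

# Constructed sample traffic: two fragmented web requests, the first one benign.
SAMPLE = [
    Frag("10.0.0.5", "10.0.0.80", 1, 0, True, b"GET /index.html "),
    Frag("10.0.0.5", "10.0.0.80", 1, 16, False, b"HTTP/1.0\r\n\r\n"),
    Frag("10.0.0.9", "10.0.0.80", 7, 0, True, b"GET /?q=EXAMPLE-"),
    Frag("10.0.0.9", "10.0.0.80", 7, 16, False, b"BAD-PATTERN HTTP/1.0\r\n\r\n"),
]
```

On the sample, `alert_per_fragment` raises four alerts, two of them for ordinary web traffic, while `alert_after_reassembly` raises one, for the datagram whose rebuilt payload contains the placeholder pattern.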