Re: IDS vs Application Proxy Firewall

From: Stefano Zanero (s.zanerosecurenetwork.it)
Date: Wed Oct 22 2008 - 12:08:14 CDT


"Zow" Terry Brugger wrote:

> Unless it is a transparent application proxy,

Given. Still, it works at the application layer, otherwise it is a
cunningly-renamed stateful firewall which performs deep inspection.

> Unless it is an IPS, in which case

In which case it is not an IDS, and thus not in scope with the original
question :)

> The difference I'd see is that network IDS/IPS devices typically look
> for specific signatures (sequences of bytes, regular expressions,
> certain flags set in the headers, etc) on a session (TCP, UDP, ICMP)
> or network (IP) level packet.

Counterexamples: Arbor, Lancope

> Most can do some degree of session
> reassembly, but only in so far as to catch signatures which are
> divided across multiple packets.

I'm pretty sure that Martin Roesch, if he reads, will have something to
say here :)

--
Kind regards,

Ing. Stefano Zanero, PhD
CTO & Co-Founder

Secure Network S.r.l.
Via Venezia, 23 - 20099 Sesto San Giovanni (MI)
Phone: +39 02.24126788
Fax: +39 02.24126789
email: s.zanerosecurenetwork.it
web: www.securenetwork.it
