Network Security: Detailed info on RE: Wishlist for IPS Products

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-IDS

[Top] [All Lists]

RE: Wishlist for IPS Products

from [idswizard] Network Security

[Permanent Link]

Subject:	RE: Wishlist for IPS Products
Date:	Sat, 18 Sep 2004 10:28:58 -0400

Only way to do this and not create tons of false postives is true protocol

parsing. This knocks out most IPS vendors like Tipping Point.

That is an interesting statement.  Tipping Point claims to only have one
customer experience a false positive and it was based on Chat traffic.
During a SANS webcast, Los Alamos National Laboratory seemed to back that
data (https://www.sans.org/webcasts/show.php?webcastid=90514).

What test(s) have you done showing Tipping Point is prone to false positives
based on their signatures/filters?  



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Wishlist for IPS Products - HYBRID IPS, (continued) Re: Wishlist for IPS Products - HYBRID IPS, Andy Cuff Re: Wishlist for IPS Products, Srinivasa Rao Addepalli Re: Wishlist for IPS Products, David Maynor Re: Wishlist for IPS Products, PS R Re: Wishlist for IPS Products, Tony Carter Re: Wishlist for IPS Products, PS R Re: Wishlist for IPS Products, David Maynor Re: Wishlist for IPS Products, David Maynor Re: Wishlist for IPS Products, David Maynor Re: Wishlist for IPS Products, PS R RE: Wishlist for IPS Products, idswizard <= Re: Wishlist for IPS Products, David Maynor Re: Wishlist for IPS Products, Jason Haar RE: Wishlist for IPS Products, Paine, Steve Fwd: Re: Wishlist for IPS Products, Craig M. Taylor

Previous by Date:	Re: Linux SuSe host base IDS., Volker Kindermann
Next by Date:	Re: What is false alarm rate and false positive rate?, Gautam Singaraju
Previous by Thread:	Re: Wishlist for IPS Products, PS R
Next by Thread:	Re: Wishlist for IPS Products, David Maynor
Indexes:	[Date] [Thread] [Top] [All Lists]