Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: TippingPoint Releases Open Source Code for FirstIntrusionPrevention

from [Rob Shein] Network Security [Permanent Link]
Subject: RE: TippingPoint Releases Open Source Code for FirstIntrusionPrevention Test Tool, Tomahawk
Date: Thu, 4 Nov 2004 08:48:07 -0500 
Oh, I have to disagree with this, and for a one-word reason: "open".
Because it's an open-source tool, everyone can look into it and see how it
works.  For example, before I'd even started reading this thread, Martin
Roesch had chimed in with his own assessment of how it works.  So if it's
geared towards making any one vendor look better than all the others...well,
they'd get caught at it right off, and it would have the opposite effect.
(For example: the infamous Mier Labs testing of an Intrusion.com product
some years ago, using ridiculously unrealistic network traffic.)

And also worth pointing out is that unlike the RDBMS example listed below,
TippingPoint isn't even saying that their product is better with this tool.
For that matter, they aren't making any claims at all; their release could
just as easily have come from any researcher with no vendor ties, without
being any different.  They're only saying, "hey, this is a rapidly-growing
technology, and there aren't any really tools for non-vendors to  validate
products...here's something we've come up with to get the ball rolling in
that direction."  I have to applaud this, and wonder what motivates one of
their competitors to reflexively slam it for logically incorrect reasons.


-----Original Message-----
From: Mitchell Ashley [mailto:mitchell@stillsecure.com] 
Sent: Tuesday, November 02, 2004 12:57 PM
To: focus-ids@securityfocus.com
Subject: RE: TippingPoint Releases Open Source Code for 
FirstIntrusionPrevention Test Tool, Tomahawk


Lets face it, any "open" IPS testing tool released by any IPS 
vendor will have little industry or customer credibility. 
This is reminiscent of the early RDMBS days when the vendors 
created their own proprietary benchmarks. They had little 
credibility until the benchmark tests we defined, specified 
and improved by industry standards groups. 

Caveat emptor.

. . .
Mitchell Ashley
CTO
StillSecure

303-881-9353 Mobile
303-381-3880 Fax

www.stillsecure.com
Reducing your risk has never been this easy.
. . .
The information transmitted is intended only for the person 
to which it is addressed and may contain confidential 
material. Review or other use of this information by persons 
other than the intended recipient is prohibited. If you've 
received this in error, please contact the sender and delete 
from any computer. 


-----Original Message-----
From: Clemens, Dan [mailto:Dan.Clemens@healthsouth.com] 
Sent: Tuesday, November 02, 2004 8:17 AM
To: Kyle Quest; focus-ids@securityfocus.com
Subject: RE: TippingPoint Releases Open Source Code for 
FirstIntrusionPrevention Test Tool, Tomahawk


 

      >What we need... is Snort for IPS/IDS/Firewall 
      >testing, which would be advanced by the security 
      >community and not by a commerical company who's 
      >business interests are in conflict with the purpose 
      >of the tool. 


      That's just my take on it... 


      - Kyle, Don't forget the 'snort' folks have just as 
much of a vendor presence as TippingPoint or any other IDS 
vendor. TippingPoint _may_ be trying to encourage use of 
their tool for IDS evolution as a whole  much like snort has 
yet still has hopes they will get some benefit from their free tool.

      Now do you have any pcaps to contribute to snort or the 
rest of us packetninjas?

      -Dan


Confidentiality Notice: This e-mail communication and any 
attachments may contain 
confidential and privileged information for the use of the 
designated recipients named above. If 
you are not the intended recipient, you are hereby notified 
that you have received this 
communication in error and that any review, disclosure, 
dissemination, distribution or 
copying of it or its contents is prohibited. If you have 
received this communication in 
error, please notify me immediately by replying to this 
message and deleting it from your 
computer. Thank you.


--------------------------------------------------------------
------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world 
attacks from 
CORE IMPACT.
Go to 
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_04

0708 
to learn more.
--------------------------------------------------------------------------




--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: TippingPoint Releases Open Source Code for FirstIntrusionPrev ention Test Tool, Tomahawk, Greg Shipley
Next by Date:  RE: TippingPoint Releases Open Source Code for FirstIntrusionPrevention Test Tool, Tomahawk, Greg Shipley
Previous by Thread:  RE: TippingPoint Releases Open Source Code for FirstIntrusionPrevention Test Tool, Tomahawk, Mitchell Ashley
Next by Thread:  RE: TippingPoint Releases Open Source Code for FirstIntrusionPrevention Test Tool, Tomahawk, Greg Shipley
Indexes:  [Date] [Thread] [Top] [All Lists]