Network Security Focus-IDS

Vulnerability-based IPS Patent

Subject: Vulnerability-based IPS Patent
Date: Thu, 30 Mar 2006 11:28:09 -0500
Hello everybody :-)

I came across an interesting patent application today.
It's called "Proactive containment of network security attacks",
publication # US 2006-0059558 A1 / filed September 15 2004.
The invention described by this patent is the work of John Selep 
and Mauricio Sanchez from Hewlett Packard.

This patent application claims that Mr. Selep and Mr. Sanchez
invented a vulnerability-based system that's capable of stopping
attacks without relying on specific exploit signatures. In other 
words, they are trying to patent an IPS that uses vulnerability
signatures. If everything goes well, soon companies like NFR, ISS, TippingPoint,
SourceFire, TopLayer, etc. will be paying licensing
fees to HP.

I would assume that ISS and NFR would be most interested in
investigating this patent application because they've been
doing things described in the application claims the longest
out of all IPS/IDS vendors (researching vulnerabilities, 
creating vulnerability based fingerprints that use proper protocol 
and data decoding instead of simple exploit oriented pattern-matching 
based signatures, and then distributing updates to the customers).   

When I read the patent I couldn't believe my eyes. For somebody who's
been in the security/IPS industry for a while it was like seeing
somebody trying to patent the wheel. John Selep is a product marketing
manager, so it's possible he doesn't know much about security and the intrusion 
prevention industry, but Mauricio Sanchez is a 
network security architect at HP... It's hard to believe that he didn't 
know about a technology that's been out for many years.

By the way, Mr. Sanchez has a number of other patent applications.
The most questionable of the other applications is called
"Virus/worm throttle threshold settings" (publication # US 2005/0265233 A1).
I bet most anomaly / behavior IPS vendors will have something to say
about this. Once again, get ready to pay up to HP soon...


I know that most IPS vendors have people subscribed to this list
and I'm sure I'm not the only one who has something to say about this.
This could cost a lot of money to your companies, guys. Do you want
to go through the same pain RIM went through battling NTP?

Kyle

P.S.
Here's a link to the questionable IPS patent: http://tinyurl.com/eo4oz

