Focus on IDS Mode:
(Page 8 of 199)
Re: Snort with an expert system 2009-06-25
Tomas Olsson (tol sics se)
My comments in the text below.

Stefano Zanero wrote:
>> "A false positive is an alert that triggers on normal traffic where no
>> intrusion or attack is underway"
>>
>
> That's a good definition, but not really complete. Under that
> definition, if you place a rule that flags IRC connections,

Re: Snort with an expert system 2009-06-25
Stefano Zanero (s zanero securenetwork it) (1 replies)
>> Is it a false positive a case where there is no rule, or the traffic
>> does not match with the rule, and the engine still fires?

> This does not fit with the above definition since the alert must be
> triggered by the traffic.

You would be surprised to know that this is the only case where

Re: Snort with an expert system 2009-06-25
Tomas Olsson (tol sics se) (1 replies)
Re: Snort with an expert system 2009-06-25
Joel Esler (eslerj gmail com) (1 replies)
Re: Snort with an expert system 2009-06-25
Greg Shipley (gshipley neohapsis com) (3 replies)
Re: Snort with an expert system 2009-06-26
Gary Halleen (ghalleen cisco com)
Re: Snort with an expert system 2009-06-25
Richard Bejtlich (taosecurity gmail com) (1 replies)
Re: Snort with an expert system 2009-06-26
Martin Roesch (roesch sourcefire com)
Re: Snort with an expert system 2009-06-25
Martin Roesch (roesch sourcefire com) (1 replies)
Re: Snort with an expert system 2009-06-26
Gary Halleen (ghalleen cisco com) (1 replies)
Re: Snort with an expert system 2009-06-26
Stefano Zanero (s zanero securenetwork it) (2 replies)
Re: Snort with an expert system 2009-06-29
Martin Roesch (roesch sourcefire com) (1 replies)
Re: Snort with an expert system 2009-06-30
Tomas Olsson (tol sics se)
Re: Snort with an expert system 2009-06-26
mhellman taxandfinance com
AW: Announcing Allthreats 2009-06-24
Daniel, Akos (a daniel drillisch-telecom de) (1 replies)
Hi,

I think this can cause some information leaking for companies, where the admin does not understand the content of a sniffer file and/or sensibility of the sniffed traffic is underestimated. What will happen with the uploaded files?
Anyway home users can have huge advantages of that tool, if the

Re: AW: Announcing Allthreats 2009-06-24
Ismael Briones (ismak inkatel com) (1 replies)
RE: AW: Announcing Allthreats 2009-06-24
Ali-Reza Anghaie (ali packetknife com) (1 replies)
Re: AW: Announcing Allthreats 2009-06-25
Ismael Briones (ismak inkatel com)
Announcing Allthreats 2009-06-23
Ismael Briones (ismak inkatel com) (1 replies)
I would like to announce www.allthreats.com.

Allthreats is a free online network traffic analyzer. This system is
able to analyze a pcap file with several tools: IDS (only Snort at the
moment [Sourcefire VRT and Emerging Threats signatures], I'll integrate
Bro IDS soon), Honeysnap (from honey

Re: Announcing Allthreats 2009-06-24
Will Metcalf (william metcalf gmail com)
Can a Bypass Switch Prevent Link Flapping - When inline device fails? 2009-06-23
bikramkgupta gmail com
Hi,

I am looking at the following Net Optics Bypass switch.

http://netoptics.com/products/product_family_details.asp?cid=8&pid=214&Section=products&menuitem=8&tag=NetOptics+iBypass+Bypass

My initial understanding was that the Bypass switch will actually maintain link state with inline device,

Re: Re: Snort with an expert system 2009-06-22
tol sics se (1 replies)
Hi,

Coming late into this conversation, but what about using statistical learning filtering instead of an expert system? We have done it using an anomaly detection algorithm we have developed:

http://eprints.sics.se/3591/

(link to paper https://daisy.dsv.su.se/fil/visa?id=24833)

/Tomas

Re: Snort with an expert system 2009-06-25
Stefano Zanero (s zanero securenetwork it) (1 replies)
Re: Snort with an expert system 2009-06-25
Tomas Olsson (tol sics se) (1 replies)
Re: Snort with an expert system 2009-06-25
Stefano Zanero (s zanero securenetwork it) (1 replies)
Re: Snort with an expert system 2009-06-25
Tomas Olsson (tol sics se) (1 replies)
Re: Snort with an expert system 2009-06-25
Stefano Zanero (s zanero securenetwork it) (1 replies)
Re: Snort with an expert system 2009-06-26
Gary Halleen (ghalleen cisco com) (1 replies)
Re: Snort with an expert system 2009-06-26
Stuart Staniford (sstaniford FireEye com) (1 replies)
Re: Snort with an expert system 2009-06-26
Gary Halleen (ghalleen cisco com)
Copyright 2010, SecurityFocus