A long time ago, there was considerable discussion about IPS sensors
that could decode 10gb Ethernet traffic. I was wondering if anyone has
recently validated any IPS sensors that can actually inspect 10GB
worth of traffic, full duplex (20gb)?

Thanks
H

---------------------------------------------

[ more ]  [ reply ]

Hi,

XArp - ARP Spoofing Detection - has made a huge step and is now available
in version 2.1.0.

Most important changes:
-increased stability
-available for Linux and Windows
-changed license model

XArp is now free to use for unlimited time and fully functional! The
XArp Professional version is av

[ more ]  [ reply ]

Sagan release version 0.1.0
http://sagan.softwink.com
Written by Champ Clark (AKA 'Da Beave') and the Softwink, Inc team
Date: 06/24/2010

Softwink announces the release of Sagan, a real time log monitoring utility.

Sagan can alert you when events are occurring in your syslogs that need your
atte

[ more ]  [ reply ]

Workshop on Managing Systems via Log Analysis and Machine
Learning Techniques (SLAML '10)

=============================================
October 2-3, 2010
Vancouver, BC, Canada
(at O

[ more ]  [ reply ]

Just a quick note to let you know that the lite version of xtractr can
now index up to 10 million packets or 1GByte of pcaps. This makes it
easy to grab large packet traces from a production network and perform
troubleshooting and forensics with just a few clicks. We have also
updated the live demo

[ more ]  [ reply ]

Hi All,

Is any tool available in market (free or paid) for measuring performance of Host based IDS/IPS devices?

I want to measure performance for protocols like HTTP,FTP,SMB/RPC,DNS etc.

Thanks,

Prateek

-----------------------------------------------------------------
Securing Your Online Da

[ more ]  [ reply ]

Actually got this working. I am still not 100% sure why it was not working earlier.

What I had to do was include the full path, out to the directory I want to exclude, in my match.

As I said, it was C:\Windows/system32/dir1/dir2/dir3/.../dirx/file.out

I was trying to match only on "dirM" a

[ more ]  [ reply ]

Sorry if I was not clear in my original post. When I said I have not been able to filter on anything in the message string, I thought that implied that I have already done a custom rule in the local rules file. Sorry if that was not clear, but it is not working.

----------------------------------

[ more ]  [ reply ]

you can write a custom rule in local_rules.xml file and filter accordingly.

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL cert

[ more ]  [ reply ]

I am trying to match on a windows error message and am not having any luck. What I do not want to do is ignore the rule completely, only certain messages.

An example message is this:

Integrity checksum changed for:

'C:\Win32/system32/directory1/directory2/directory3/...../name.txt'

I want

[ more ]  [ reply ]

What started off as a way to unit test the RESTful API for xtractr has
now turned into a Ruby gem that we are releasing as open source. First
xtractr, then nuggets and now a gem.

We are happy to announce a Ruby gem for xtractr which takes all the
goodness of Ruby and interacts RESTfully with xtract

[ more ]  [ reply ]

Note: apologies for cross posting - I hope to get more coverage this
way, because google hasn't been helping lately ;-)

I am looking for a tool that can decrypt MPPE (Microsoft
Point-to-Point Encryption) network traffic given a pcap (or any other
format really) and the correct key / NTLM hash. Is a

[ more ]  [ reply ]

Dear Colleagues,

Please find attached the Call for Papers for EC2ND 2010,
the sixth European Conference on Computer Network Defense,
which will be held in Berlin, Germany, October 28-29, 2010.

Please feel free to distribute this announcement. We apologize
if you receive multiple copies of this

[ more ]  [ reply ]

We are happy to announce xtractr, a collaborative cloud app for
indexing, searching, extracting and reporting on large pcaps. xtractr
enables network/support engineers and testers to troubleshoot the
network, isolate problems, identify field issues and perform network
forensics.

You can learn more

[ more ]  [ reply ]

Workshop on the Analysis of System Logs (WASL) 2010
http://www.systemloganalysis.com
Call for Papers

===============================
October 3, 2010
Vancouver, Canada

[ more ]  [ reply ]

Hello List-Member,

attached you'll find the Call for Paper for the International Conference
on Detection of Intrusions and Malware & Vulnerability Assessment. The
focus of the DIMVA conference covers topics on this list, so do not
hesitate to submit your research results as a paper or your ongoing

[ more ]  [ reply ]

Hi,

It apperas from the test methodology, NSS concentrated on the
protections for target types Web Server, Web Browser ActiveX,
JavaScript , Browser Plug-ins/Add-ons. Except for Web Server, all
others are mainly related to "Target Initiated" intrusions. Does
anybody have information on number of

[ more ]  [ reply ]

I agree with Joel, nss holds their ground on their methodology. What i
think happens is he vendors select the "best features" that one-up the
competition and whalla... They win. I thinm Some testing firms can't
hold water at all and and are just producing hype. Best do your due
dilligence yo

[ more ]  [ reply ]

Andrew - I see Tippingpoint is listed as a "strategic partner" on your Web site, so I guess I can see where you might be concerned about such results.

However, the reason why Tippingpoint results have altered from report to report is covered quite well in Rick Moy's blog posts at http://nsslabs.b

[ more ]  [ reply ]