Focus on IDS Mode:
(Page 4 of 199)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Whatever happened to 10gb IPS? 2010-07-12
Mr. Karim (aseeker03 gmail com) (2 replies)
A long time ago, there was considerable discussion about IPS sensors
that could decode 10gb Ethernet traffic. I was wondering if anyone has
recently validated any IPS sensors that can actually inspect 10GB
worth of traffic, full duplex (20gb)?



[ more ]  [ reply ]
Re: Whatever happened to 10gb IPS? 2010-07-12
Curt Purdy (infosysec gmail com) (1 replies)
Re: Whatever happened to 10gb IPS? 2010-07-12
Joel Esler (joel esler me com) (1 replies)
RE: Whatever happened to 10gb IPS? 2010-07-13
Jeffrey White (Jeff White RaymondJames com) (1 replies)
Re: Whatever happened to 10gb IPS? 2010-07-13
Joel Esler (joel esler me com)
Re: Whatever happened to 10gb IPS? 2010-07-12
Greg Hopke (greg hopke gmail com)
XArp 2.1.0 - ARP Spoofing Detection - new version and changed license: its free 2010-07-07
xarp chrismc de

XArp - ARP Spoofing Detection - has made a huge step and is now available
in version 2.1.0.

Most important changes:
-increased stability
-available for Linux and Windows
-changed license model

XArp is now free to use for unlimited time and fully functional! The
XArp Professional version is av

[ more ]  [ reply ]
[TOOL] The 'Snort like' way of dealing with logs == Sagan 2010-06-25
Champ Clark III [Softwink] (champ softwink com)

Sagan release version 0.1.0
Written by Champ Clark (AKA 'Da Beave') and the Softwink, Inc team
Date: 06/24/2010

Softwink announces the release of Sagan, a real time log monitoring utility.

Sagan can alert you when events are occurring in your syslogs that need your

[ more ]  [ reply ]
CFP: Deadline Extended: SLAML'10 2010-06-15
Mohror, Kathryn (mohror1 llnl gov)
Workshop on Managing Systems via Log Analysis and Machine
Learning Techniques (SLAML '10)

October 2-3, 2010
Vancouver, BC, Canada
(at O

[ more ]  [ reply ]
Announcement: xtractr updates 2010-06-08
pcapr (pcapr admin gmail com)
Just a quick note to let you know that the lite version of xtractr can
now index up to 10 million packets or 1GByte of pcaps. This makes it
easy to grab large packet traces from a production network and perform
troubleshooting and forensics with just a few clicks. We have also
updated the live demo

[ more ]  [ reply ]
Performance measurement tool for IDS/IPS 2010-06-01
wittybugz gmail com
Hi All,

Is any tool available in market (free or paid) for measuring performance of Host based IDS/IPS devices?

I want to measure performance for protocols like HTTP,FTP,SMB/RPC,DNS etc.



Securing Your Online Da

[ more ]  [ reply ]
Re: RE: Re: OSSEC and Windows messages 2010-05-17
evilwon12 yahoo com
Actually got this working. I am still not 100% sure why it was not working earlier.

What I had to do was include the full path, out to the directory I want to exclude, in my match.

As I said, it was C:\Windows/system32/dir1/dir2/dir3/.../dirx/file.out

I was trying to match only on "dirM" a

[ more ]  [ reply ]
Re: Re: OSSEC and Windows messages 2010-05-10
evilwon12 yahoo com (1 replies)
Sorry if I was not clear in my original post. When I said I have not been able to filter on anything in the message string, I thought that implied that I have already done a custom rule in the local rules file. Sorry if that was not clear, but it is not working.


[ more ]  [ reply ]
RE: Re: OSSEC and Windows messages 2010-05-11
Josh Little (josh zombietango com)
Re: OSSEC and Windows messages 2010-05-05
sohil_garg yahoo co in
you can write a custom rule in local_rules.xml file and filter accordingly.

Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL cert

[ more ]  [ reply ]
OSSEC and Windows messages 2010-04-20
evilwon12 yahoo com
I am trying to match on a windows error message and am not having any luck. What I do not want to do is ignore the rule completely, only certain messages.

An example message is this:

Integrity checksum changed for:


I want

[ more ]  [ reply ]
Announcing: Ruby API for xtractr 2010-03-18
kowsik (kowsik gmail com)
What started off as a way to unit test the RESTful API for xtractr has
now turned into a Ruby gem that we are releasing as open source. First
xtractr, then nuggets and now a gem.

We are happy to announce a Ruby gem for xtractr which takes all the
goodness of Ruby and interacts RESTfully with xtract

[ more ]  [ reply ]
Decrypting PPTP network traffic 2010-03-17
Alexander Perchov (alexperchov1969 googlemail com)
Note: apologies for cross posting - I hope to get more coverage this
way, because google hasn't been helping lately ;-)

I am looking for a tool that can decrypt MPPE (Microsoft
Point-to-Point Encryption) network traffic given a pcap (or any other
format really) and the correct key / NTLM hash. Is a

[ more ]  [ reply ]
Call for Papers: EC2ND 2010 2010-03-05
Konrad Rieck (konrad rieck tu-berlin de)
Dear Colleagues,

Please find attached the Call for Papers for EC2ND 2010,
the sixth European Conference on Computer Network Defense,
which will be held in Berlin, Germany, October 28-29, 2010.

Please feel free to distribute this announcement. We apologize
if you receive multiple copies of this

[ more ]  [ reply ]
Announcing xtractr (on pcapr) 2010-02-22
kowsik (kowsik gmail com)
We are happy to announce xtractr, a collaborative cloud app for
indexing, searching, extracting and reporting on large pcaps. xtractr
enables network/support engineers and testers to troubleshoot the
network, isolate problems, identify field issues and perform network

You can learn more

[ more ]  [ reply ]
CFP: Workshop on the Analysis of System Logs 2010-02-05
Kathryn Mohror (mohror1 llnl gov)
Workshop on the Analysis of System Logs (WASL) 2010
Call for Papers

October 3, 2010
Vancouver, Canada

[ more ]  [ reply ]
CfP DIMVA 2010 - Detection of Intrusions and Malware & Vulnerability Assessment (2 Week Notice) 2010-01-20
Sebastian Schmerl (sbs informatik tu-cottbus de)
Hello List-Member,

attached you'll find the Call for Paper for the International Conference
on Detection of Intrusions and Malware & Vulnerability Assessment. The
focus of the DIMVA conference covers topics on this list, so do not
hesitate to submit your research results as a paper or your ongoing

[ more ]  [ reply ]
Recent NSS test 2009-12-16
Ravi Chunduru (ravi is chunduru gmail com)

It apperas from the test methodology, NSS concentrated on the
protections for target types Web Server, Web Browser ActiveX,
JavaScript , Browser Plug-ins/Add-ons. Except for Web Server, all
others are mainly related to "Target Initiated" intrusions. Does
anybody have information on number of

[ more ]  [ reply ]
Re: I love the smell of whining in the morning... 2009-12-11
Lawrence Pingree (ntpeck yahoo com)
I agree with Joel, nss holds their ground on their methodology. What i
think happens is he vendors select the "best features" that one-up the
competition and whalla... They win. I thinm Some testing firms can't
hold water at all and and are just producing hype. Best do your due
dilligence yo

[ more ]  [ reply ]
Re: RE: Re: I love the smell of whining in the morning... 2009-12-10
bwalder spamcop net (1 replies)
Andrew - I see Tippingpoint is listed as a "strategic partner" on your Web site, so I guess I can see where you might be concerned about such results.

However, the reason why Tippingpoint results have altered from report to report is covered quite well in Rick Moy's blog posts at http://nsslabs.b

[ more ]  [ reply ]
RE: RE: Re: I love the smell of whining in the morning... 2009-12-11
Andrew Plato (andrew plato anitian com)
(Page 4 of 199)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


Privacy Statement
Copyright 2010, SecurityFocus