[Snort-users] OT: IDS: issues and problems.

skadhi skadhi at ...4497...
Fri Jan 18 00:57:03 EST 2002


On Thu, 2002-01-17 at 22:35, Ashley Thomas wrote:
> What are the "current" problems that IDS design is facing:
> - to monitor at high traffic.
> - to do tcp stream assembly.
> - to detect evasion.
> 
> any others ? very important ones ?
- to defeat stateholding attacks

I think that the work of Handley & Paxson on packet normalization to
help with NIDS evasion is very cool. OpenBSD PF's scrub already helps
with that (through normalization & defragmentation). For more information
about this topic:
http://www.icir.org/vern/papers/norm-usenix-sec-01-html/


-- 
/Saad Kadhi --  [skadhi at ...4497...] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desperate degauss your screen. it might solve your pb as well
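
The reassembly ambiguity that normalization and defragmentation remove, shown as an added example that is not part of the original post. It uses a simplified byte-offset model (real IP fragment offsets count 8-byte units) with constructed fragments; the function names and the "first"/"last" policies are assumptions for illustration.

```python
# Constructed (offset, data) fragments of one datagram; not captured traffic.
# The third fragment overlaps bytes 4..8 with different content.
SAMPLE_FRAGMENTS = [
    (0, b"GET /ind"),
    (8, b"ex.html"),
    (4, b"/XXXX"),
]


def reassemble(fragments, policy):
    """Reassemble fragments; policy 'first' keeps the earliest copy of an
    overlapping byte, 'last' lets later fragments overwrite it."""
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    if sorted(buf) != list(range(len(buf))):
        raise ValueError("datagram has a hole, cannot reassemble")
    return bytes(buf[i] for i in range(len(buf)))


def conflicting_overlaps(fragments):
    """Positions where two fragments carry different bytes (worth alerting on)."""
    seen, conflicts = {}, set()
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            if pos in seen and seen[pos] != byte:
                conflicts.add(pos)
            seen.setdefault(pos, byte)
    return sorted(conflicts)


def normalize(fragments, policy="first"):
    """Inline normalizer: reassemble once with a fixed policy and forward a
    single unfragmented datagram, so every downstream stack sees the same bytes."""
    return [(0, reassemble(fragments, policy))]


if __name__ == "__main__":
    print("monitor (first-wins):", reassemble(SAMPLE_FRAGMENTS, "first"))
    print("host    (last-wins): ", reassemble(SAMPLE_FRAGMENTS, "last"))
    print("conflicting offsets: ", conflicting_overlaps(SAMPLE_FRAGMENTS))
    clean = normalize(SAMPLE_FRAGMENTS)
    print("after normalization: ", reassemble(clean, "first"), reassemble(clean, "last"))
```

Without the normalizer, a monitor and an end host that use different overlap policies reconstruct different payloads from the same packets; after it, both policies yield the same bytes.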
