[Snort-users] Fallacies and lies.

Bob Walder bwalder at ...1926...
Thu Nov 6 02:43:08 EST 2003

I am not saying they are wrong about WHERE IDS/IPS is going - it HAS to
migrate to the core eventually - but to state that as of NOW IDS is dead
and IPS is stillborn and that deep inspection firewalls can do
everything that we want is downright irresponsible.


Bob Walder

This message is intended for the addressee only and may contain
information that may be of a privileged or confidential nature. If you
have received this message in error, please notify the sender and
destroy the message immediately. Unauthorised use or reproduction of
this message is strictly prohibited.

>> -----Original Message-----
>> From: snort-users-admin at lists.sourceforge.net 
>> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf 
>> Of Jason Haar
>> Sent: 06 November 2003 00:10
>> To: snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] Fallacies and lies.
>> I don't want to be seen to be standing up for Gartner - but 
>> one thing is correct.
>> They say:
>> "They don't work at wire speeds. Most network-based IDS 
>> products don't detect attacks in real time, and they can't 
>> handle the high speeds of internal networks"
>> The last piece is correct - in a different context. If you 
>> want to start pushing IDS "features" into your core INTERNAL 
>> network - then you really are looking at IDS functionality 
>> within routers and switches - not extra boxes.
>> If you have 40 switches on your LAN - what would you prefer? 
>> 40 new IDS in front of each, or switches that "do" IDS? What 
>> about the extra 70 Wireless APs you have? You can't have 
>> them all sitting next to one IDS now can you...
>> Either switches add IDS functionality, or IDS needs to add 
>> switch functionality ;-)
>> ...or we all go to migrating to HIDS [that's where I think 
>> the future lies - even IDS in switches can't handle IPSec]
>> -- 
>> Cheers
>> Jason Haar
>> Information Security Manager, Trimble Navigation Ltd.
>> Phone: +64 3 9635 377 Fax: +64 3 9635 417
>> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>> -------------------------------------------------------
>> This SF.net email is sponsored by: SF.net Giveback Program. 
>> Does SourceForge.net help you be more productive?  Does it
>> help you create better code?   SHARE THE LOVE, and help us help
>> YOU!  Click Here: http://sourceforge.net/donate/ 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe: 
>> >> https://lists.sourceforge.net/lists/listinfo/sno>> rt-users
>> Snort-users list archive: 
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list