RE: FW: 2nd Call--CRIME Meeting 8 June 2004, 10-Noon, @ Zoo Conf Rooms

From: Jay Swofford (JSwofford@private)
Date: Tue Jun 08 2004 - 09:50:52 PDT

    I won't be able to attend the meeting.  How does this tool compare to
    Shadow?
    
    Jay 
    
    -----Original Message-----
    From: owner-crime@private [mailto:owner-crime@private] On Behalf
    Of toby
    Sent: Monday, June 07, 2004 5:41 PM
    To: crime@private; aplato@private
    Subject: RE: FW: 2nd Call--CRIME Meeting 8 June 2004, 10-Noon, @ Zoo
    Conf Rooms
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Having seen the paper and the tool, you want to attend this talk. It
    should be very cool.
    
    t
    
    On Mon, 07 Jun 2004 14:50:56 -0700 Andrew Plato <aplato@private>
    wrote:
    >Ourmon is a statistical network monitor. Looks at packets, computes 
    >statistics, keys on statistical values.
    >
    >Snort is an intrusion detection system. Looks at packets, compares them 
    >to known vulnerabilities/exploits, keys on signatures and protocol 
    >anomalies.
    >
    >Ourmon is more synonymous with a "flow-based IDS". There are some intrusion 
    >prevention products built around flow-analysis, such as TippingPoint's 
    >UnityOne and TopLayer AttackMitigator. However, these products usually 
    >augment their flow analysis with signatures and higher-level filters as
    >well.
    >
    >
    >___________________________________
    >Andrew Plato, CISSP
    >President/Principal Consultant
    >ANITIAN  ENTERPRISE  SECURITY
    >
    >3800 SW Cedar Hills Blvd, Suite 298
    >Beaverton, OR 97005
    >503-644-5656 Office
    >503-214-8069 Fax
    >503-201-0821 Mobile
    >www.anitian.com
    >___________________________________
    >
    >GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D GPG 
    >public key available at: http://www.anitian.com/corp/keys.htm
    >>
    >>
    >-----Original Message-----
    >From: owner-crime@private [mailto:owner-crime@private] On Behalf 
    >Of Mark Allyn
    >Sent: June 07, 2004 1:53 PM
    >To: alan
    >Cc: George Heuston; crime@private
    >Subject: Re: FW: 2nd Call--CRIME Meeting 8 June 2004, 10-Noon, @ Zoo 
    >Conf Rooms
    >
    >
    >All kidding aside; I thought that snort was the biggie for open source 
    >network monitoring.
    >
    >Mark
    
    "I have gone to great lengths to expand my threshold of pain"
    - -Tool
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.4
    
    wkYEARECAAYFAkDFCzQACgkQgmQPhCwzFyDoSQCguXZ6+2ozaPdLCV3TgjAEX/C7y74A
    oKKkZA6tDpayuNXyvRtG0AweRGkG
    =Vw6B
    -----END PGP SIGNATURE-----
    


