Re: Blitzkrieg Server -- For Real?!

From: Kinczli Zoltan (kzoliat_private)
Date: Fri May 08 1998 - 03:11:14 PDT

  • Next message: Bruce K. Marshall: "Re: InfoWorld article on IDS"

         Seems to me hype, no more... 
      Our no-hype gurus are talking about how an intrusion can be 
    identified. Up to now - if i'm not mistaken - what we can say is:
    We can process the log and the audit trail, in order to minimize 
    the part which needs human inspection and further analysis to find 
    out if it was a "hack" or not.
       I don't belive that any of our existing code - be it stateful 
    inspection, application gw, whatever - is capable of identifing all 
    future attack types, capable of deciding if a "never ever seen 
    someting" is a hack or not.
       Third: what kind of counter attack would it launch? Is it 
    continuously developping new attacks? Or is it trying sequentially 
    all  the already known exploits? If yes, an up to date firewall
    POSSIBLY can resists all of them.
    > Anyone else heard of this? Seems like pure hype based on fiction to 
    >me....Is this pure marketing smoke, or is there some sort of unreal 
    >counter-attack technology bundled into this product?

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:53 PDT