[logs] FW: interesting paper on testing sig-based IDS

From: Kohlenberg, Toby (toby.kohlenberg@private)
Date: Fri Feb 25 2005 - 21:01:48 PST


Didn't want to cross post this but it seems interesting to both groups.

> ______________________________________________ 
> From: 	Kohlenberg, Toby  
> Sent:	Friday, February 25, 2005 9:01 PM
> To:	focus-ids@private
> Subject:	interesting paper on testing sig-based IDS
> 
> http://www.cs.ucsb.edu/~vigna/pub/2004_vigna_robertson_balzarotti_CCS0
> 4.pdf
> 
> It seems very similar (at least at first glance) what what's been
> implemented by
> RFP in Whisker (the anti-IDS techniques) or in Metasploit (IDS
> confusion techniques).
> 
> Have any/many of you seen this before? It seems like it's something we
> would have
> seen cross this list but I don't remember it doing so.
> 
> t
> 
> Toby Kohlenberg, CISSP, GCIH, GCIA
> Senior Information Security Analyst
> Applied Security Technology Team
> Intel Corporate Information Security
> 503-712-8588  Office & Voicemail
> 877-497-1696  Pager
> "Just because you're paranoid, doesn't mean they're not after you."
> 
> PGP Fingerprint:
> 92E2 E2FC BB8B 98CD 88FA  01A1 6E09 B5BA 9E84 9E70
> 
> 
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis



This archive was generated by hypermail 2.1.3 : Sat Feb 26 2005 - 20:01:47 PST