[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] IDS features (was: Suggestion for IDS)
- To: Alejandro Barrera <abarrera@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] IDS features (was: Suggestion for IDS)
- From: Kevin Pawloski <kpawloski@xxxxxxxxx>
- Date: Wed, 28 Sep 2005 14:00:58 -0700
Cutting down on false alerts would be a start and by false alerts I mean (in
this case) alerts such as a receiving MS-SQL worm alerts on your Linux
hosts.
Yes, you can setup suppression alerts and disable rules but the larger the
network you monitor the more cumbersome that becomes. SourceFire has their
RNA solution which attempts to cut down on this problem but it isn't all the
way there just yet. (Not to mention that feature comes at an additional
cost)
On 9/28/05, Alejandro Barrera <abarrera@xxxxxxxxxxxxx> wrote:
>
> Hi all,
> Now that we're talking about IDS, which are, in the list's opinion, the
> features they hate more about actual IDS's?
> I mean, what features you dream of everytime you have to plat with your
> IDS
> but you don't have?
>
> Thxs in advanced.
>
>
> --
> Alejandro Barrera García-Orea
> R&D Engineer
> c/ Alcala 268 28027 Madrid
> Office: +34 91 326 66 11
> Fax: +34 91 326 66 11
> e-mail: abarrera@xxxxxxxxxxxxx
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/