Probably, but then no IDS/IPS is ever going to offer you 100% protection (ie
you need defense in depth), so should such a list _really_ matter?
I'd love to get my hands on a list of companies that rely on such lists for
IDS/IPS selection in the hope that an IDS/IPS will make up for sloppy
internal security! :P
I don't know... is there such a thing as a _bad_ IDS or IPS anymore? The
market is so saturated that you can pretty much get away with buying
anything, but then it really depends WHAT you want an IDS/IPS for, and what
other protection you have in place, rather on whether or not it will let
through obscure exploits.
I'm pretty sick of IPS bake-offs, magazine reviews, and ill-educated
comparisons - what really counts is your overall security. 99.999% is good
enough, 100% is never achievable, so why bother picking holes when you know
you're going to find them? :)
Anyway - the list you have in mind is over 18 months old now -
http://www.darkreading.com/document.asp?doc_id=99581&WT.svl=news1_2 - too
many things would have changed since then for it to make relevant selection
criteria for you, if that's what you have in mind?
But, with the best will in the world, even the best IPS/IDS with up to date
patches and 24/7 support will never defend you against badly written code or
unpatched systems, and you may as well not bother using one at all if you're
not going to take these other things into consideration.
Happy New Year!
Tim
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, January 03, 2007 2:49 AM
Subject: IPS Vendor Evasion
At Blackhat HD Moore and Brian Caswell did a presentaion of bypassing IPS.
Maybe I dreamed this but wasn't there a list of vendors that were and were
not bypassed? Maybe it was not HD and Brian that did it. If there was such
a thing where can I find it?
Thanks,
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
