Hi, I reviewed several IDS/IPS products and I concluded that there is two kind of signatures languages. First one, the simplest, allows attack detection customization by changing some value in the signature, or allows creating new attack by adding a one line rule (snort rule). Second one, the hardest, allows full signature or new protocol state machine development. by mean of a complete programming language (N-code).
I would like to know what are the pro/cons of using both methods. I would appreciate some feedback from some real life experiences, if possible. TIA. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
