TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
Actually there was a lot of overlap between the legacy Black Ice signature set and the RealSecure Network Sensor 6.5 signature set. However, you forgot to account for new signatures that were added to RSNS 7.0 during the integration of the two signature sets and only exist there. The rest of the apparent discrepancy is due to rounding error in your approximate numbers.

As far as protocol analysis versus pattern matching goes, both RSNS 6.5 and RSNS 7.0 use protocol analysis and pattern matching techniques. Granted, RSNS 7.0 has significantly more protocol analysis signatures in it than does RSNS 6.5. The decision to use a pattern matching or protocol analysis (or both) technique is made when the signatures are created, not at run-time. Each technique has its place and neither is fundamentally superior to the other (in spite of what you hear everyone's marketers say). So when we create new signatures, we look at the attack and choose the most applicable technique from RealSecure's rather large arsenal.

Paul

-----Original Message-----
From: eCop [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 1:01 PM
To: [EMAIL PROTECTED]
Subject: pattern-matching and protocol analysis

Hi all,

After ISS purchased NetworkIce, the RS7.0 now claims 1200+ signatures. You know RS 6.5 used to be around 600+, and Black Ice used to be 600+, so now it's 1200+. My question is: is there no overlap between these two products in signatures?

Another question: since 7.0 is now using both protocol analysis and pattern matching, if there's an attack, how will the RS decide whether to detect it via protocol analysis or via pattern matching?

Cheers,
ecop

2002-09-10
