Pantek Library

Re: IDS is dead, etc

From: Martin Roesch <roesch(at)sourcefire.com>
Date: Mon Aug 04 2003 - 07:04:49 EDT


Hi Burak,

I remember your work and it was cool stuff. RNA is significantly different than just straight passive OS fingerprinting; we're building a persistent model of the network and applying what we've learned over time to the data that's coming out of the NIDS. There are several other "neat things" that RNA does that'll let it stand alone as a product unto itself, but when combined with NIDS it is designed to result in better prioritization of event data, reduction in evadability/false negatives, and false positive mitigation.

       -Marty

On Tuesday, August 5, 2003, at 02:41 AM, Burak DAYIOGLU wrote:

> On Sun, 2003-06-22 at 18:44, Martin Roesch wrote:
>>> I would love to see a fingerprinting tool that identified the client

-- 
Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Enterprise-class Intrusion detection built on Snort
roesch(at)sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


Received on Tue Aug 5 12:23:04 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT

