[Dshield] IPS/IDS solutions--your opinions?

Joel Esler joel.esler at sourcefire.com
Tue Jan 29 06:33:31 GMT 2008


Hear, hear.

Whatever happened to the ability to analyze packets with just tcpdump sometimes?

J

On Jan 28, 2008, at 11:30 PM, CunningPike wrote:

> <rant>
>
> The direction this thread is taking is the most depressing thing I've
> read in quite some time. At the age of only 40, I feel like I'm a
> dinosaur - a relic of an age where computer technicians _had_ to know
> the inner workings of the systems they looked after, _had_ to be able to
> analyze problems using knowledge of how "low-level" things like TCP and
> RFCs actually worked, and _had_ to craft solutions themselves, making
> the tools and acquiring the skills to do so themselves if need be.
>
> We're _supposed_ to be whizzes - it's part of the craft. Being a
> competent computer technician/engineer/whatever is no less difficult
> than being a competent member of any skilled trade - you are expected to
> understand what you are doing and be able to fabricate safe and
> compliant solutions to problems as you encounter them.
>
> </rant>
>
> CP
>
> Varine, Brian R SFC NG NG wrote:
>> I love Snort but I don't have time to write Perl scripts and hack out
>> unique fixes. Sourcefire and others are great because no one spends
>> enough on people to really do what you need. That means I need to get
>> something that an analyst can take care of and if it's too big for
>> them, they can get help from dedicated enterprise IT types. It'd be
>> great if I could find a team of 5 that knows how to fly an IDS, react
>> to incidents, and be a whiz at Perl for the price most clients are
>> willing to pay. Even then, with turnover being what it is, can I
>> expect the next guy to really understand what the previous guy has
>> done with his Perl scripts? Probably not.
>>
> _________________________________________
> SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze up north if you can be in New Orleans.  http://www.sans.org/info/15826
>
