[Dshield] IPS/IDS solutions--your opinions?

Tomas L. Byrnes tomb at byrneit.net
Tue Jan 29 07:10:14 GMT 2008


Err, Regular expressions. That's it, I'm off to bed. Newborn has me
fried.
 

> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Joel Esler
> Sent: Monday, January 28, 2008 10:34 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] IPS/IDS solutions--your opinions?
> 
> Hear, hear.
> 
> Whatever happened to the ability to analyze packets with just tcpdump sometimes?
> 
> J
> 
> On Jan 28, 2008, at 11:30 PM, CunningPike wrote:
> 
> > <rant>
> >
> > The direction this thread is taking is the most depressing thing I've
> > read in quite some time. At the age of only 40, I feel like I'm a
> > dinosaur - a relic of an age where computer technicians _had_ to know
> > the inner workings of the systems they looked after, _had_ to be able to
> > analyze problems using knowledge of how "low-level" things like TCP and
> > RFCs actually worked, and _had_ to craft solutions themselves, making
> > the tools and acquiring the skills to do so themselves if need be.
> >
> > We're _supposed_ to be whizzes - it's part of the craft. Being a
> > competent computer technician/engineer/whatever is no less difficult
> > than being a competent member of any skilled trade - you are expected to
> > understand what you are doing and be able to fabricate safe and
> > compliant solutions to problems as you encounter them.
> >
> > </rant>
> >
> > CP
> >
> > Varine, Brian R SFC NG NG wrote:
> >> I love Snort but I don't have time to write Perl scripts and hack out
> >> unique fixes. Sourcefire and others are great because no one spends
> >> enough on people to really do what you need. That means I need to get
> >> something that an analyst can take care of and if it's too big for
> >> them, they can get help from dedicated enterprise IT types. It'd be
> >> great if I could find a team of 5 that knows how to fly an IDS, react
> >> to incidents, and be a whiz at Perl for the price most clients are
> >> willing to pay. Even then, with turnover being what it is, can I
> >> expect the next guy to really understand what the previous guy has
> >> done with his Perl scripts? Probably not.
> >>
> > _________________________________________
> > SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze  
> > up north if you can be in New Orleans.  
> http://www.sans.org/info/15826
> >
> 


