


IDS: Re: Intrusion Prevention

Re: Intrusion Prevention

From: Jill Tovey <jill.tovey_at_bigbluedoor.com>
Date: 9 Dec 2002 09:46:10 -0000
In-Reply-To: <20021206031213.FGIH2199.lakemtao01.cox.net_at_smtp.east.cox.net>

ActiveScout to all intents and purposes seems a unique and innovative
approach to IDS technologies and provides a number of advantages over
other detection systems, such as proactively detecting reconnaissance
attacks.

However, as far as I can see the disadvantages could be that you can only
run the sensor on a Red Hat 7.2 platform, which is fairly old now.

On testing it seems to have performed well, however, I have read that
there have been some problems. ActiveScout is good at detecting attacks
that are followed by reconnaissance activities, but does not catch all
direct attacks made on a system.

I think it would work well with an anomaly-based IDS on the internal
network.

Kind Regards,

Jill Tovey
Received on Dec 10 2002
