[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Symantec Manhunt ?

To: <full-disclosure@lists.netsys.com>
Subject: Re: [Full-Disclosure] Symantec Manhunt ?
From: "Clint Bodungen" <clint@secureconsulting.com>
Date: Wed, 17 Dec 2003 12:38:01 -0600

>> ManHunt has been tested at up to 2 gigabits per second.

>lol.... well, that's great, but how did it *perform* at 2 Gbps? How many
>packets did it drop, how many alerts did it miss, munge or misinterpret?
>Would you mind sharing the real results?

Actually, I used to do SQA for Symantec's NIDS development team so I'm not
sure I can disclose what their benchmark target release numbers are but I
can tell you they are very strict about their success rate percentages
before release (for dropped packets and alerts)

In your defense, I haven't actually tested it at those speeds myself in the
"real world" yet and as with any IDS I find there is a certain amount of
"tweaking" to eliminate the false positives.  Especially on the anomaly
detection.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Symantec Manhunt ?
  - From: "Frederic Charpentier" <fcharpentier@xmcopartners.com>
- Re: [Full-Disclosure] Symantec Manhunt ?
  - From: "Clint Bodungen" <clint@secureconsulting.com>
- Re: [Full-Disclosure] Symantec Manhunt ?
  - From: <misiu_@gmx.de>
- Re: [Full-Disclosure] Symantec Manhunt ?
  - From: "Clint Bodungen" <clint@secureconsulting.com>
- Re: [Full-Disclosure] Symantec Manhunt ?
  - From: Frank Knobbe <frank@knobbe.us>

Prev by Date: Re: [Full-Disclosure] PayPal issues another blow to user security
Next by Date: RE: [Full-Disclosure] IE Content Manager
Previous by thread: Re: [Full-Disclosure] Symantec Manhunt ?
Next by thread: RE: [Full-Disclosure] A new TCP/IP blind data injection technique ?
Index(es):
- Date
- Thread