[910] in Intrusion Detection Systems


No subject found in mail header

daemon@ATHENA.MIT.EDU (Justin J. Lister)
Sun Apr 20 02:26:47 1997

From: ruf@uow.edu.au (Justin J. Lister)
To: ids@uow.edu.au (Intrusion Detection System Mailing List)
Date: Sun, 20 Apr 1997 13:24:15 +1000 (EST)
Reply-To: ids@uow.edu.au

Message-Id: <199704062126.PAA02129@riposte.EnGarde.com>
X-Mailer: exmh version 2.0gamma 1/27/96
To: ids@uow.edu.au
Subject: Re: SecureNet PRO
In-reply-to: alexf@mail.iss.net message
Reply-To: mcn@EnGarde.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 06 Apr 1997 15:26:05 -0600
From: Mike Neuman <mcn@riposte.EnGarde.com>

From: Alex F <alexf@iss.net>
> From Eliott Turner <eht1@nrv.net>
> >BLACKSBURG, VA.  March 26, 1997 - MimeStar, Inc. today announced the first
> >shipments of its SecureNet PRO v2.0...
> 
> Hmm.  A RealSecure clone.

  MimeStar is the same company who started with an almost EXACT duplicate of 
our IP-Watcher (down to the list of features and interface). We came out with
v1.2, and two weeks later, MimeStar had a new version again copying our exact
list of features.

  About a month before MimeStar came out with SecureNet PRO v1.0, I got an
email message from Elliot Turner saying, "We're coming out with a Linux version
of IP-Watcher. It will be named 'Net-Watcher'." After informing him of the
clear trademark violation, he responded, "That'll be for the lawyers to
decide."

> >... Using MimeStar, Inc.'s proprietary EradiScan
> >technology SecureNet PRO is able to detect and respond to network attacks
> >that have yet to be discovered by the security community.  
> 
> Umm, exactly how is that possible?  Detect NEW security vulnerabilities that
> have yet to be discovered by the security community? This I would like to see!

  I'd also take what he says with a grain of salt. His original press release
for SecureNet PRO had words like, "We invented TCP Hijacking" and "Ours is the
ONLY product which allows you to monitor sessions." and "We invented this
sniffing technology." Unless his middle name(s) is "Van Jacobson", I have some
doubts. :-)

> While I do not wish to speak badly of the competition, there are a few
> things that I would like to mention.  This tool allows for termination of
> connections based on certain keystrokes. [censorship...]

  Personally, I think the censorship issue is moot. Just because a technology
makes oppression possible doesn't mean the technology is inherently bad.

  Besides, many organizations that we've dealt with have very specific policies
saying, "You will ONLY use these systems for work, and everything on them
belongs to the Company."

  While this draconian approach may not be popular, it's certainly
understandable. Most would rather not pay employees to browse the web for
personal reasons, especially when Internet connections are available for 
$19.95 for home use.

>  The product also does session Hijacking.  I would
> really like to know the purpose of this. 

   Hijacking does have some particularly valuable uses in Intrusion Response.
As an example, imagine someone breaks into your site, makes a tar, and FTPs
it off back to his home site. Using hijacking, you can abort the FTP, and
remove any copies of that tar. While the legal issues of this are still up
in the air, I've been extremely happy to have this tool available to me on
several occasions. Until the legal foundation exists (and police can respond
in the minutes required to catch an intruder), having powerful tools like
this at our disposal is a necessity. (Incidentally, En Garde teaches a
course on intrusion response and performs IR on behalf of our customers.
References to some of the free tools we use are available at:
    http://www.engarde.com/~mcn/response)

Again, because a technology allows oppression doesn't make it bad.

-Mike
mcn@EnGarde.com
