Network IDS - Do not bend, fold, spindle or mutilate

Presented at DEF CON 8 (2000), July 30, 2000, noon (50 minutes)

All modern Network Intrusion Detection Systems (NIDS) are susceptible not only to Ptacek and Newsham-style attacks, but also to a variety of other problems that have not yet been addressed. This talk is meant to shed some light on why many NIDS today are referred to as "Network False-positive Recorders" and why current IDS technology cannot handle monitoring high-speed network traffic. This discussion is meant to be a direct and straightforward analysis of why the current generation of NIDS will ultimately fail and how we can start taking proactive, not reactive, steps in creating the future of intrusion detection technology. This discussion will also include examples of bypassing current intrusion detection systems and how the creation of a high-speed, hybrid IDS will address many of the problems outlined in this talk.


Presenters:

  • John S Flowers - Chief Scientist, Hiverworld, Inc.
    Mr. Flowers is the founder of Hiverworld and leads the Core R&D team in creating the Ansible, Swarm and upcoming IDS product. Prior to Hiverworld, Mr. Flowers was the chief architect of Inquisit's individualized news filtering service. He has also held positions as the chief security and Internet Architect at Utilicorp; chief architect of Neurosoft (which later became Moviefone); and architect of the interactive voice response system that was the prototype of Wildfire. In the early 1990s he worked as an engineer for Microsoft. John was also on the first team to ever win Capture the Flag at Defcon.
