Message-ID: <200309252018.h8PKIdL21435@netsys.com>
From: matsu at mailvault.com (Matsu Kandagawa)
Subject: An open question for Snort and Project Honeynet
-----BEGIN PGP SIGNED MESSAGE-----
From: Schmehl, Paul L (pauls_at_utdallas.edu)
Date: Sep 25 2003
>One more in the idiot bin
The fact that the best you can do is call me an idiot for having the
temerity to raise deadly serious issues says a lot more about you than
it does me. It might be okay to toss off a dismissive one-liner to some
zitty teenager, but if you can't tell the difference based on what I've
written, God help you.
Of course, since it's likely you've never done any research into the
detectability of these tools yourself, I see no particular reason you
should find yourself qualified to respond one way or the other. Your two
cents from the peanut gallery might actually mean something if it were
coming from a real researcher-- sadly, not the case at all. Just get
back to your administrative drudgework or whatever it is you do to kill
time in Texas and stay out of it if you have nothing constructive to
contribute.
Anyway, I'm not pretending to be some kind of Snort expert, so if in my
ignorance I failed to see that "off-by-one's, integer overflows, and
logic bugs" is some kind of a bluff, I'm perfectly willing to own up to
it.
However, I certainly reserve the right to ask, especially in light of
the snake-oil carnival huckster "Everybody
relax-it-doesn't-matter-that-we-got-owned" nature of Snort's
spin-doctoring response. It forces me to call into question both the
honesty and the competence of the entire organization. I was already far
from being impressed by the technical capabilities of one of their team
members I met at a conference who struck me as being far outclassed in
terms of skills by the people challenging him. Which wouldn't be any big
news, except that Snort really is about the best we've got. And that's
sad.
My lack of Snort expertise notwithstanding, I am intimately familiar
with deception as applied to CND. It makes me literally sick to my
stomach to hear some of you (you know who you are) cackling among your
friends about how much money you were able to pry out of the government
for research products which are nothing but an overhyped fraud. You've
all heard it. You know when you've done it.
Either you know perfectly well when, where and how your honeypot tools
can be detected and are defrauding your sponsors, or you can't tell and
are stupid. I suppose I've been giving you the benefit of the doubt by
assuming the former. And if you know and you can't fix it, for God's
sake lay off of your Mickey Mouse con job already, it's embarrassing.
To the guilty: the next time I see you at a conference, I'll smile,
shake your hand and make polite chit chat, like I always have.
All the while wishing I could spit in your face.
Like I always have.
And the sheer beauty of it is you'll never know the difference.
Here's to honesty,
Matsu.
-----BEGIN PGP SIGNATURE-----
Version: MailVault 2.2 from Laissez Faire City http://www.mailvault.com
iQA/AwUAP3NND2M5xTGTuR0REQLywwCfa1nb54htRXoHzgVI/f6UuXuO794AnjIN
5JAPiuScXcWs8WIJiN88rilX
=1+Nr
-----END PGP SIGNATURE-----