Dailydave mailing list archives
RE: Britney and Kevin are Chaotic
From: "El Nahual" <nahual () g-con org>
Date: Fri, 27 May 2005 00:14:49 -0500
Fastly and stupidly saying, there is a nice solution to stop all malware and virus and bds, sign your shit and get anal on getting it to work, you can heck out the stuff on www.se46.se we are coding the unix version of it (so i wont get that tramped once it gets known) But hey works nice, better safe than sorry if you don't let any binaries run, at least will stop you from BDs and weird behaviour for stupid coding (AkA bug stuff and memory related stuff) PaX can get ya safe enough? (www.ngsec.com has a wintendo version of PaX) //Nahual -----Mensaje original----- De: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] En nombre de Andrew R. Reiter Enviado el: Friday, May 27, 2005 12:07 AM Para: byte_jump CC: dailydave () lists immunitysec com Asunto: Re: [Dailydave] Britney and Kevin are Chaotic On Thu, 26 May 2005, byte_jump wrote: :The cost of rolling out a Tripwire or Tripwire-like solution to :desktops in even a medium sized enterprise would be out of this world :compared to a couple of well placed NIDS, but I believe the two meet :different goals. : :I don't think one can rely on a NIDS to provide the level of detection :that Tripwire can, and vice versa. For example, a NIDS would not :likely detect a private, zero-day exploit against an Apache server :while Tripwire may detect the alteration of files (maybe not). I think :PaX or something like that would be more useful in that regard, but :the two would compliment each other. : :On the other hand, it's not likely that Tripwire would detect that two :desktops are acting as their own SMTP servers to send mail - though a :NIDS could. : :Again, trying to roll out something like Tripwire or PaX on an :enterprise network is next to impossible - and what do you do with all :of your Windows desktops? : :Examples of what NIDS would be useful for, in my opinion, would be: :- Detect anomalous SMTP servers on the network. :- Detect unauthorized DNS or DHCP servers on a network. :- Detect IRC traffic. :- Detect traffic above a certain threshold. :- Detect an unsolicited ICMP echo reply or other potential covert channels. : :There are other examples, but those quickly come to mind. Mmm; I love how these products exist and people are ignorant of them. : :On 5/26/05, Adam Shostack <adam () homeport org> wrote: :> :> Really? Why not tripwire a few hosts? Or wait for something bad to :> happen? :> :> Can you show me that spending on an IDS really leads to lower incident :> handling costs? (I suspect that it could, but have no data.) :> :> Adam :> :_______________________________________________ :Dailydave mailing list :Dailydave () lists immunitysec com :https://lists.immunitysec.com/mailman/listinfo/dailydave : : -- Andrew R. Reiter arr () watson org _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Britney and Kevin are Chaotic, (continued)
- Re: Britney and Kevin are Chaotic Rodney Thayer (May 26)
- Re: Britney and Kevin are Chaotic Steve Lord (May 26)
- Re: Britney and Kevin are Chaotic Chris Anley (May 26)
- Re: Britney and Kevin are Chaotic byte_jump (May 26)
- Re: Britney and Kevin are Chaotic Chris Anley (May 26)
- Re: Britney and Kevin are Chaotic Adam Shostack (May 26)
- Re: Britney and Kevin are Chaotic byte_jump (May 26)
- Re: Britney and Kevin are Chaotic Holden Williamson (May 26)
- Re: Britney and Kevin are Chaotic dan (May 26)
- Re: Britney and Kevin are Chaotic Andrew R. Reiter (May 26)
- RE: Britney and Kevin are Chaotic El Nahual (May 26)
- Re: Britney and Kevin are Chaotic joanna (May 27)
- RE: Britney and Kevin are Chaotic El Nahual (May 27)
- Re: Britney and Kevin are Chaotic joanna (May 27)
- Re: Britney and Kevin are Chaotic Steve Lord (May 27)