Educause Security Discussion mailing list archives
Re:
From: Richard Hopkins <Richard.Hopkins () BRISTOL AC UK>
Date: Thu, 20 Jul 2006 16:05:36 +0100
--On 20 July 2006 13:30 +0000 John Kaftan <jkaftan () HOTMAIL COM> wrote:
We are looking into Intrusion Prevention Systems. We have looked at Tipping-Point are about to look at Cisco MARS. Does anyone have any experiences that they care to share?
My only experience of MARS is this: <http://www.frsirt.com/english/advisories/2006/2887> (dated 19th July 2006) The Cisco Advisory is at: <http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml> ISC's take on this is: Cisco released earlier today an advisory pointing out vulnerabilities in one of their security managment products: Cisco Security Monitoring, Analysis and Response System (CS-MARS). * The included Oracle database has default passwords * The included JBoss webserver allows remote code execution * A privilege escalation problem that allows administrators to gain root access to the machine :-( Richard
Current thread:
- Re: Richard Hopkins (Jul 20)