Re:

[Richard Hopkins <Richard.Hopkins () BRISTOL AC UK>]

--On 20 July 2006 13:30 +0000 John Kaftan <jkaftan () HOTMAIL COM> wrote:

> We are looking into Intrusion Prevention Systems.  We have looked at
> Tipping-Point are about to look at Cisco MARS.  Does anyone have any
> experiences that they care to share?

My only experience of MARS is this:

<http://www.frsirt.com/english/advisories/2006/2887>

(dated 19th July 2006)

The Cisco Advisory is at:

<http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml>

ISC's take on this is:

Cisco released earlier today an advisory pointing out vulnerabilities in
one of their security managment products: Cisco Security Monitoring,
Analysis and Response System (CS-MARS).

* The included Oracle database has default passwords
* The included JBoss webserver allows remote code execution
* A privilege escalation problem that allows administrators to gain root
access to the machine

:-(

Richard