IDS mailing list archives
RE: Definition of Zero Day Protection
From: "Rob Shein" <shoten () starpower net>
Date: Mon, 9 Aug 2004 13:18:32 -0400
I doubt there's a single definition with any kind of official blessing from a standards group of any sort. I would consider it to be the ability of an application or inline system to detect a buffer or heap overflow, format string attack, or something similar...and stop it...without having the ability to precisely recognize it. The last part is the key; it doesn't have to know WHICH one it is, but rather recognize it as an attack based upon a characteristic (like a huge sequence of NOPs) that would be common to most or all such attacks, without regard to whether the vulnerability it exploited was previously known or not. Of course, it would be nice from an alerting standpoint to know which attack it was, if it already was a known one, but that's not part of the 'zero day' concept.
-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher () avaya com]
Sent: Sunday, August 08, 2004 9:48 PM
To: focus-ids () securityfocus com
Cc: Seanor, Joseph (Joe)
Subject: Definition of Zero Day Protection

What is Zero Day Protection? I think I understand the definition of Zero Day Exploits. But what is Zero Day Protection? Another marketing blurb, or can vendors actually offer zero day protection?

Thank you for clarifying my confusion

/m
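The characteristic-based detection described in the reply above (flagging a long run of NOPs without knowing which vulnerability is being targeted), as an added Python example that is not part of the original thread. The 64-byte threshold, the function names and the sample payloads are assumptions constructed for illustration.

```python
from typing import Iterable, NamedTuple, Optional

X86_NOP = 0x90       # single-byte x86 NOP opcode
MIN_SLED_LEN = 64    # assumed alert threshold; tune per environment


class SledHit(NamedTuple):
    offset: int      # byte offset where the run starts
    length: int      # number of consecutive sled bytes


def longest_sled(payload: bytes,
                 sled_bytes: Iterable[int] = (X86_NOP,)) -> Optional[SledHit]:
    """Return the longest run of sled bytes in payload, or None if there is none."""
    sled = frozenset(sled_bytes)
    best, run_start = None, None
    # Iterate one position past the end so a run that reaches the end is closed.
    for i in range(len(payload) + 1):
        in_run = i < len(payload) and payload[i] in sled
        if in_run and run_start is None:
            run_start = i
        elif not in_run and run_start is not None:
            length = i - run_start
            if best is None or length > best.length:
                best = SledHit(run_start, length)
            run_start = None
    return best


def is_suspicious(payload: bytes, min_len: int = MIN_SLED_LEN) -> bool:
    """Flag on the generic characteristic only; no per-vulnerability signature."""
    hit = longest_sled(payload)
    return hit is not None and hit.length >= min_len


# Constructed sample payloads (not real traffic); trailing bytes are filler.
SAMPLES = {
    "http_get": b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n",
    "ftp_user_long": b"USER " + b"\x90" * 200 + b"\xcc" * 16 + b"\r\n",
    "unknown_proto": b"\x01\x02HELLO" + b"\x90" * 96 + b"\xcc" * 8,
    "short_run": b"binary\x90\x90\x90\x90data",  # below threshold: not flagged
}


def scan(samples=SAMPLES):
    """Map each sample name to True (alert) or False (pass)."""
    return {name: is_suspicious(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, flagged in scan().items():
        print(f"{name:15} {'ALERT' if flagged else 'ok'}")
```

The same check fires on the FTP-style and the unknown-protocol samples, which is the point of the definition: the detector keys on the shared characteristic, not on a known vulnerability. A threshold this simple also misses attacks that carry no NOP run and can alert on benign binary data that happens to contain one.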