IDS mailing list archives
Re: IDS alerts / second - Correlation - Virtualization
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Mon, 1 Aug 2005 23:11:54 +0530
On 29/07/05 16:14 -0400, Jason wrote:
> The simple answer is because this mail would have never reached us and likely will not reach many already. CAT /ETC/PASSWD is also a perfectly valid Unix command on some systems in all caps. Do you think that this mail can be processed and confidently assured to be safe?
Ignoring the top posting habit, Yes. Mail bodies traditionally are not run through eval(), but pattern matched. Stuff sent to scripts through mail is a different beast, and in general, that code is well written. I have never seen any situation where a mail body contained a script which would be run automatically on a Unix system. Plus, you can just use a current scanner like amavisd-new to only allow valid commands to be sent to the script (per recipient specifications).

Devdas Bhagat