IDS mailing list archives
Re: IDS vs. IPS deployment feedback
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 12 Apr 2006 10:55:03 -0500
Palmer, Paul (ISSAtlanta) wrote:
Of course Andrew's point was that this is the norm, not the exception. If snort has ever detected a vulnerability before ISS, then his point is rather moot, wouldn't you say?Paul Schmehl wrote:Interesting. Please provide an example of where ISS was detecting a vulnerability before snort was.I can give you several off the top of my head: MS05-039/CVE-2005-1983 (Stack overflow in UPNP BO) MS05-021/CVE-2005-0560 (Heap overflow in the Microsoft Exchange X-LINK2STATE verb) CVE-2006-0058 (the recent race condition in the Sendmail signal handler) Granted, ISS discovered all three of these and that is why it had protection in its products before SNORT (in some cases a long time before SNORT or any other vendor). But, then I believe this is the point that Andrew was trying to make.
-- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: IDS vs. IPS deployment feedback, (continued)
- Re: IDS vs. IPS deployment feedback Stefano Zanero (Apr 15)
- RE: IDS vs. IPS deployment feedback Basgen, Brian (Apr 10)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 10)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 11)
- RE: IDS vs. IPS deployment feedback Mike Barkett (Apr 13)
- Re: IDS vs. IPS deployment feedback Jason (Apr 13)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 11)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 11)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 13)
- RE: IDS vs. IPS deployment feedback Kyle Quest (Apr 13)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 13)
- Re: IDS vs. IPS deployment feedback Paul Schmehl (Apr 15)
- RE: IDS vs. IPS deployment feedback Cojocea, Mike (IST) (Apr 13)
- RE: IDS vs. IPS deployment feedback Gary Halleen (ghalleen) (Apr 13)
- Re: IDS vs. IPS deployment feedback Randal T. Rioux (Apr 18)
- Re: IDS vs. IPS deployment feedback Frank Knobbe (Apr 13)
- RE: IDS vs. IPS deployment feedback Basgen, Brian (Apr 13)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 15)
- RE: IDS vs. IPS deployment feedback Biswas, Proneet (Apr 15)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 15)
- RE: IDS vs. IPS deployment feedback Mark Teicher (Apr 15)
- RE: IDS vs. IPS deployment feedback PPowenski (Apr 19)
(Thread continues...)