IDS mailing list archives
Re: signature based IDS/IPS effectiveness
From: GMail <mayur100 () gmail com>
Date: Thu, 10 Jan 2008 15:32:28 +0530
Thanks Jamie and Stefano for noticing my issues, 90% of commercial database specific IDS/IPS systems do "signature matching" exploit detection. They are stateless and mostly based on snort. So does this mean that all they can do is stop public exploits. If someone modifies the exploit then the signatures will fail and by that means the appliances too ? Limiting privileges to minimum required levels and installing minimum required of modules on databases will definitely reduce the risk ratio, but is it sufficient? What about vulnerabilities by which normal user can get superuser privileges or carry out DOS on database services. Is there any way to stop these kinds of attacks? Which would be the best available database security product to handle all these issues? ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Preventing layer 3/4 evasions Martin Roesch (Jan 07)
- Re: Preventing layer 3/4 evasions Jeremy Bennett (Jan 09)
- <Possible follow-ups>
- RE: Preventing layer 3/4 evasions Mike Barkett (Jan 07)
- signature based IDS/IPS effectiveness GMail (Jan 09)
- Re: signature based IDS/IPS effectiveness Stefano Zanero (Jan 09)
- Looking for feedback on anomaly-based IDS systems Libershal, David M. (Jan 09)
- Re: Looking for feedback on anomaly-based IDS systems p1g (Jan 10)
- Re: signature based IDS/IPS effectiveness Jamie Riden (Jan 10)
- Re: signature based IDS/IPS effectiveness GMail (Jan 10)
- RE: signature based IDS/IPS effectiveness Nelson Brito (Jan 10)
- Re: signature based IDS/IPS effectiveness Paul Schmehl (Jan 10)
- signature based IDS/IPS effectiveness GMail (Jan 09)
- Message not available
- Re: signature based IDS/IPS effectiveness Jamie Riden (Jan 10)