Full Disclosure mailing list archives
Re: signatures for Oracle Alert 68
From: "Antonio Javier G. M." <legion () tierramedia org>
Date: Wed, 24 Nov 2004 12:54:31 +0100
Valdis.Kletnieks () vt edu writes:
On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:We need signatures for IDS/IDP for Oracle's alert 68.
^^^^^^^^Just a reminder for everybody an the archives - In fact the question was very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS are condoms, not doctors, for example netscreen IDP and Nai IPS, an the last version of snort (based on snort inline).
How can we protect against these attacks if we can not apply patches in some platforms?Just a reminder for everybody and the archives - unless you're using some sort of firewall appliance that doesn't pass a packet that triggers a signature,having a signature doesn't actually protect you.If you're just using Snort, and it coughs up a "Signature for Oracle 68" message, it's *too late*. That's not a condom, that's the doctor telling youthe test came back positive.(An amazing number of people manage to get confused on this point, and probablyget hacked as a result....)
We really know what are we talking about. Please, use google to search for IDP or IPS technologies and snortinline.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com http-equiv () excite com (Nov 22)
- Re: HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com john morris (Nov 23)
- Re: signatures for Oracle Alert 68 Antonio Javier G. M. (Nov 23)
- Re: Re: signatures for Oracle Alert 68 Valdis . Kletnieks (Nov 23)
- Re: signatures for Oracle Alert 68 Antonio Javier G. M. (Nov 24)
- Re: Re: signatures for Oracle Alert 68 Valdis . Kletnieks (Nov 24)
- Re: signatures for Oracle Alert 68 Antonio Javier G. M. (Nov 23)
- Re: Re: signatures for Oracle Alert 68 nirvana (Nov 24)
- Re: HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com john morris (Nov 23)