Full Disclosure mailing list archives

Re: signatures for Oracle Alert 68


From: "Antonio Javier G. M." <legion () tierramedia org>
Date: Wed, 24 Nov 2004 12:54:31 +0100



Valdis.Kletnieks () vt edu writes:
> On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
> > We need signatures for IDS/IDP for Oracle's alert 68.
>                         ^^^^^^^^

Just a reminder for everybody and the archives - In fact the question was very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS are condoms, not doctors, for example NetScreen IDP and NAI IPS, and the last version of Snort (based on snort inline).

> > How can we protect against these attacks if we cannot apply patches on some platforms?
>
> Just a reminder for everybody and the archives - unless you're using some sort
> of firewall appliance that doesn't pass a packet that triggers a signature,
> having a signature doesn't actually protect you.
> If you're just using Snort, and it coughs up a "Signature for Oracle 68"
> message, it's *too late*.  That's not a condom, that's the doctor telling you
> the test came back positive.
> (An amazing number of people manage to get confused on this point, and probably
> get hacked as a result....)

We really know what we are talking about. Please, use Google to search for IDP or IPS technologies and snortinline.