Snort mailing list archives

Re: Tao of doing it right: Ignoring bad advice and doing it the Bilano way!


From: Richard Bejtlich <taosecurity () gmail com>
Date: Tue, 22 Feb 2005 20:17:35 -0500

On Tue, 22 Feb 2005 12:53:50 -0800,
snort-users-request () lists sourceforge net
<snort-users-request () lists sourceforge net> wrote:
> See, at first I decided I would use this Squil IDS thing but that crazy
> Russian guy that wrote down the docs said I needed to keep every packet
> in a database (who has time for being a packet rat like that?) to make
> sure I don't get hackered by the nerds! Well that makes a whole hell of
> a lot of sense! If you keep them online in a database and you get hacked
> then the hacker will be able to just copy and paste them packets and
> whammo! Instant replay attack! Maybe I should I gift wrap them too?
> Smart thinking there you Bolshevik dundernuts! First Northcut drops his
> drawers at SANS and now this Betjitch guy wants to pinch it off for the
> hackers! His book should be called Tao of Network Reach-arounds!


This is funny.  Russian is close, but I think my heritage lies a
little farther west of Moscow.  :)

Sguil does try to log packets to collect full content data, but never
to a database Billy boy!  That's Silent Runner, not Sguil.

I'm glad you liked my book.  I'm working on a sequel you'll love.

Richard Bejtlich
http://www.taosecurity.com

