Dailydave mailing list archives
Re: Sniffing is not the easy answer, Kate.
From: byte_jump <bytejump () gmail com>
Date: Tue, 11 Oct 2005 11:19:30 -0600
On 10/11/05, Paul Melson <pmelson () gmail com> wrote:
The problem with this model of evasion is that in the state you describe, it's a faux threat. It only exists in a contrived environment where we presume monitoring occurs. So a sanctioned pen test gets by my NIDS, so what? Or if I'm a NIDS vendor, so my product and all but one of my competitors' products fail this one line item test in an eval, so what? It won't be a big deal until it exists in the wild and becomes an actual threat. At which point, it will be possible for the algorithm to be analyzed and low-cost detection for it will be added to the various NIDS products. What will be even more fascinating is when the NIDS vendors' researchers discover an unpredictably common pattern of nop sled that is unique to your algorithm that lets them write a signature for it. :-)
An admission that NIDS products == antivirus products. "We protect you - as long as five percent of your peers have alerted us to the fact that they got owned and have provided us with samples!"

"The malice software used by the hackers – W32.Toxbot – was discovered at the beginning of this year. The virus enables uninhibited access to the infected computer. The Toxbot registers all keyboard actions of the infected computers and sends this information to the cyber-criminals. Anti-virus software has been available for some time. The hackers, however, frequently revised the virus, in a catch up game with the anti virus producers."

http://www.om.nl/?s=3&p=lp&id=5146