IDS mailing list archives
Re: IDS is dead, etc
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 06 Aug 2003 06:39:28 -0500
--On Tuesday, August 05, 2003 13:11:37 -0400 "David W. Goodrum" <dgoodrum () nfr com> wrote:
One, provide the customer with more information (i.e. I see nimda alerts, but it also says that the dest OS is RedHat, therefore the end user can ignore it).
This brings up what I guess is a philosophical question. Why would you want to know about Nimda attacks against your servers? If you're properly secured, they won't have any effect. And if you're not, you'll know about them soon enough.
I've altered all these types of rules to alert me when a host *inside* our network is infected. Now *that* I want to know about. To me, Nimda/Code Red/Slammer attacks from the outside are just part of the background noise of the Internet.
Am I wrong to think this way? Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ---------------------------------------------------------------------------Captus Networks - Integrated Intrusion Prevention and Traffic Shaping - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic - Ensure Reliable Performance of Mission Critical Applications Precisely Define and Implement Network Security and Performance Policies **FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo Visit us at: http://www.captusnetworks.com/ads/31.htm ---------------------------------------------------------------------------
Current thread:
- Re: IDS is dead, etc Burak DAYIOGLU (Aug 05)
- Re: IDS is dead, etc Martin Roesch (Aug 05)
- Re: IDS is dead, etc David W. Goodrum (Aug 05)
- Re: IDS is dead, etc Paul Schmehl (Aug 06)
- Re: IDS is dead, etc Bennett Todd (Aug 06)
- Re: IDS is dead, etc maz (Aug 07)
- Re: IDS is dead, etc M. Dodge Mumford (Aug 07)
- Re: IDS is dead, etc Paul Schmehl (Aug 06)
- <Possible follow-ups>
- RE: IDS is dead, etc Tom Arseneault (Aug 06)
- RE: IDS is dead, etc Mark Tinberg (Aug 07)
- RE: IDS is dead, etc Tom Arseneault (Aug 07)
- Re: IDS is dead, etc Sebastian Schneider (Aug 07)
- Re: IDS is dead, etc Barry Fitzgerald (Aug 07)
- Re: IDS is dead, etc Bennett Todd (Aug 08)
- Re: IDS is dead, etc Sam f. Stover (Aug 11)