IDS mailing list archives
Re: SourceFire RNA
From: Michael Stone <mstone () mathom us>
Date: Thu, 4 Dec 2003 20:14:21 -0500
On Wed, Dec 03, 2003 at 11:35:07AM -0500, Martin Roesch wrote:
On Dec 2, 2003, at 12:17 PM, Lior Tal wrote:Many thanks for the reply. When a computer is installed it usually includes many services that areinactive and therefore passive detection may identify the device (IP andOS) but it would be difficult or impossible to detect inactive services that reflect open ports. These inactive services as far as I understand still present vulnerabilities within the network.They may, they may not. I don't know of any current vulnerabilities in echo or daytime, but MS RPC is another story.
Are you really discounting all of the services people tend to leave turned on but never use? Heck, MS RPC is a good example of that--there are a whole lot more windows machines that have RPC DCOM enabled than actually need to do DCOM on the wire. Mike Stone --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- Re: SourceFire RNA, (continued)
- Re: SourceFire RNA Jason (Dec 03)
- Re: SourceFire RNA Renaud Deraison (Dec 03)
- Re: SourceFire RNA Jason (Dec 03)
- Re: SourceFire RNA Renaud Deraison (Dec 03)
- RE: SourceFire RNA Lior Tal (Dec 03)
- Re: SourceFire RNA Martin Roesch (Dec 03)
- Re: SourceFire RNA Ron Gula (Dec 03)
- Re: SourceFire RNA Martin Roesch (Dec 03)
- Re: SourceFire RNA Ron Gula (Dec 03)