IDS mailing list archives

Re: SourceFire RNA


From: Michael Stone <mstone () mathom us>
Date: Thu, 4 Dec 2003 20:14:21 -0500

On Wed, Dec 03, 2003 at 11:35:07AM -0500, Martin Roesch wrote:
> On Dec 2, 2003, at 12:17 PM, Lior Tal wrote:
>> Many thanks for the reply.
>> When a computer is installed it usually includes many services that are
>> inactive and therefore passive detection may identify the device (IP and
>> OS) but it would be difficult or impossible to detect inactive services
>> that reflect open ports. These inactive services as far as I understand
>> still present vulnerabilities within the network.
>
> They may, they may not. I don't know of any current vulnerabilities in echo or daytime, but MS RPC is another story.

Are you really discounting all of the services people tend to leave
turned on but never use? Heck, MS RPC is a good example of that--there
are a whole lot more Windows machines that have RPC DCOM enabled than
actually need to do DCOM on the wire.

Mike Stone
