IDS mailing list archives

Re: Cisco CTR


From: Petr Ruzicka <pruzicka () openbsd cz>
Date: Sat, 8 Nov 2003 03:24:27 +0000

Hi,

Liran Chen [liranil () optonline net] wrote:
> 2. CTR is a kind of Nessus or NMAP that checks the offended host?

AFAIK CTR will nmap the offended host in the first phase and check the OS. If, at the present time, the OS is M$ Win,
then in the second phase CTR will, if it can, log in to the offended host, check whether the attack succeeded and let you know.

 1. you have to give CTR access to your NT host

 2. if the attack was successful, Cisco IDS did know about it, as it has signatures, so the potential exploit was known,
as was the bug. So you should fix and patch that bug anyway (via Windows update, CVS etc.). If the bug was/is unknown to
the IDS, the IDS/CTR will not notice, as it has no signature for it, and CTR doesn't matter.

Petr R.
