IDS mailing list archives
Re: Announcement: Alert Verification for Snort
From: Michael Stone <mstone () mathom us>
Date: Sat, 25 Oct 2003 09:39:26 -0400
On Fri, Oct 24, 2003 at 05:49:29PM -0700, Michael Sierchio wrote:
> Not so, IMHO. Attempts at intrusion are of interest, reconnaissance is of interest

In what way? Excluding security researchers and infowar types--focusing on end-user consumers--what is to be done with that information? I guarantee that right now every machine on the internet is being hit by probes. It's a fact of life. But let's say that a small business owner has a magic box that tells him that he's been hit by 1M scans today--what should he do with that information? Physical world analogies are inappropriate because in the physical world you don't have people constantly walking by and beating on your door.

Strategically, on a large scale, across organizations, or for certain types of organizations, it can make sense to know about attempts. But in the general case for the overworked, understaffed part time security team that's the normal case that information is no more than noise.

Mike Stone