IDS mailing list archives
IDS event filtering
From: "Billy Dodson" <CraftedPacket () securitynerds org>
Date: Fri, 31 Dec 2004 15:37:29 -0000 (GMT)
I am wanting to get an idea of what you guys out there filter from your IDS sensors. Some of the sensors I monitor get TONS of events for MSSQL control overflows. If the customer is patched for slammer and does not have any SQL services on the internet, is it safe to filter out those events? Do you still want to see that traffic even though you know your are not vulnerable? Thanks! -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IDS event filtering Billy Dodson (Dec 31)
- <Possible follow-ups>
- RE: IDS event filtering Harper, Patrick (Dec 31)