IDS mailing list archives
Re: ssh and ids
From: Gary Flynn <flynngn () jmu edu>
Date: Mon, 21 Jun 2004 08:43:16 -0400
Runion Mark A FGA DOIM WEBMASTER(ctr) wrote:
> Let's suppose the attacker is mildly sophisticated, and after making the initial assault
One chance to trip the IDS
> roots the box
Another chance to trip the IDS (or host integrity checking)
> and installs a secure backdoor or two.
Another chance to trip the IDS.
> Is there any IDS capable of isolating data it cannot read, except to monitor authorized port usage of a system or group of systems?
The Juniper/Netscreen IDP comes with a feature called Profiler that you can set to discover and alert on new port or host appearances. You set it to discover what's normal, then turn on alerting.
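
The learn-then-alert idea in the message above, sketched as an added example (not part of the original post, and not how Juniper's Profiler is implemented): it baselines which server/protocol/port combinations appear in flow records, then flags new ports and new hosts without reading any payload, so it works on encrypted sessions too. The record format, class name and sample flows (documentation address ranges) are assumptions constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst proto dport")

def parse(line):
    """Parse one constructed flow record: 'ts src dst proto dport'."""
    ts, src, dst, proto, dport = line.split()
    return Flow(float(ts), src, dst, proto, int(dport))

class PortProfiler:
    """Hypothetical profiler: learn normal services, then alert on new ones."""
    def __init__(self):
        self.hosts, self.services = set(), set()
        self.learning = True

    def observe(self, flow):
        """Return an alert string, or None if the flow fits the baseline."""
        svc = (flow.dst, flow.proto, flow.dport)
        if self.learning:
            self.hosts.add(flow.dst)
            self.services.add(svc)
            return None
        if svc in self.services:
            return None
        kind = "NEW_PORT" if flow.dst in self.hosts else "NEW_HOST"
        # Remember the service so repeated flows to it alert only once.
        self.hosts.add(flow.dst)
        self.services.add(svc)
        return f"{kind} {flow.dst} {flow.proto}/{flow.dport} first seen from {flow.src}"

# Constructed sample flows: a learning window, then live traffic.
BASELINE = """100 198.51.100.7 192.0.2.10 tcp 22
101 198.51.100.8 192.0.2.10 tcp 80
102 198.51.100.7 192.0.2.11 tcp 25"""
LIVE = """200 198.51.100.7 192.0.2.10 tcp 22
201 203.0.113.5 192.0.2.10 tcp 2222
202 203.0.113.5 192.0.2.10 tcp 2222
203 198.51.100.9 192.0.2.12 tcp 22"""

def run(baseline=BASELINE, live=LIVE):
    """Learn from the baseline, switch to alerting, return alerts for live flows."""
    profiler = PortProfiler()
    for line in baseline.splitlines():
        profiler.observe(parse(line))
    profiler.learning = False
    alerts = (profiler.observe(parse(line)) for line in live.splitlines())
    return [a for a in alerts if a]

if __name__ == "__main__":
    print("\n".join(run()))
```
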