IDS mailing list archives

Re: IDS vs. IPS deployment feedback


From: virtuale () hushmail com
Date: 20 Apr 2006 22:13:27 -0000

Paul,

> we prefer to recommend blocking for a signature after it has been in the
> field for a month or two.

For a critical vulnerability, would you disagree that waiting a month or two to test a signature in the field before deploying it is unacceptable?

> vulnerability. The behavioral signatures match on consistent elements of
> malware that we see repeated regardless of the vulnerability exploited.

So the behavioural signatures detect malware and not vulnerabilities. Are there any behavioural signatures for vulnerabilities?

V
