Full Disclosure mailing list archives
Re: Is Marty Lying?
From: "Gregory A. Gilliss" <ggilliss () netpublishing com>
Date: Mon, 22 Sep 2003 13:04:27 -0700
Peter:

Intrusion Detection systems are designed to detect intrusions. Period. No one AFAIK has yet developed the Intrusion Prediction system. If you have an alpha version lying around, pls respond with a link. I'm sure that you will quickly be deluged with download requests =;^)

Reactive is the nature of the beast, a point that has been rehashed many many times here and elsewhere. No finite state machine can anticipate or detect the virus that I am right now writing, unless I foolishly make part of the binary match an existing sig. There will *always* be a latency between action and response. One of the things that people on this list do is attempt to assist each other in minimizing that latency. Now, if we could only get some of the vendors onboard >-)

G

On or about 2003.09.22 21:23:52 +0000, Peter Busser (peter () trusteddebian org) said:

> Hi!
>
> > > 3) Why the fuck do people still think signature-based IDS is worthwhile?
> >
> > Give us another solution. Are you saying anomaly based ids signatures are _worthwhile_?
>
> The problem with IDS systems is the same problem that currently available virus scanners have: They work reactively and not proactively. Making machines harder to break into and improve ways to enforce a security policy (e.g. by using Mandatory Access Control (MAC)) would be one way to proactively deal with security.

--
Gregory A. Gilliss, CISSP    Telephone: 1 650 872 2420
Computer Engineering         E-mail: greg () gilliss com
Computer Security            ICQ: 123710561
Software Development         WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html