Full Disclosure mailing list archives
RE: The usefullness of IDSes (Was: Re: Is Marty Lying?)
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Tue, 23 Sep 2003 20:39:35 +0200
On Tue 23/09/2003 at 10:01, Philippe Bogaerts wrote:
> I totally agree. An IDS for auditing firewall or other policies can be useful, if properly configured.

Agree. In conjunction with a conventional audit or open pentest, a well configured IDS framework can point where security policy is broken.

> I simply hate the fact that most vendors position their IDS product as an attack blocking device. The only thing they can do is actually RST TCP connections (sometimes). My opinion is that this is quite a simple and basic method for doing attack blocking.

It is a simple and basic one, but sometimes ineffective. Just think of Slammer that uses a single UDP packet to replicate. Even if your IDS can detect this, it is already too late.

The thing I really hate is IDS vendors that come to you with a "my IDS can do all the blocking stuff for you". I went to an IDS demo with an old badly configured FW1 firewall, an IIS 4 webserver and a root'o'matic WuFTPd. First part, cracker can go through and root everything. Second part, I plug my IDS sensors, enable FW1 plugin, and see, all attacks are blocked! You're now secure. I hate this. I really do (and people from this IDS vendor seem to hate me as well now ;)).

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html