Full Disclosure mailing list archives

Re: Is Marty Lying?


From: Justin <justin-fulldisclosure () soze net>
Date: Tue, 23 Sep 2003 14:47:21 +0000

Florin Andrei (2003-09-22 23:25Z) wrote:

> On Mon, 2003-09-22 at 14:13, security snot wrote:
> > "Detect intrusions" - if you can set an IDS signature for something, then
> > you shouldn't be vulnerable to it.  So the functionality of IDS is to tell
> > you when you've been compromised by six-month old public vulnerabilities
> > that dvdman has finally gotten his hands on an exploit for, that you never
> > bothered to patch for?
>
> True, in an ideal world.
> However, in the _real_ one, things are slightly different. Especially on
> large networks (> thousands of systems), funny things start to happen.

Not even true in the ideal world.  You can add IDS sigs for symptoms of
breakins (e.g. shellcode) rather than vuln-specific signatures.  But
perhaps security snot has some magical cure for every possible
unidentified remote security flaw?

-- 
No man is clever enough to          Times are bad.  Children no longer
know all the evil he does.          obey their parents, and everyone
-Francois de la Rochefoucauld       is writing a book.  -Cicero

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
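
An added illustration of the distinction drawn in the reply above, not code from the thread or from any IDS: a vulnerability-specific pattern next to a symptom check for a run of x86 NOP bytes. The pattern, the 32-byte threshold and all sample payloads are constructed assumptions.

```python
import re

# Hypothetical vulnerability-specific signature: it matches one catalogued
# bad request to one service, so it only fires for a flaw already known.
VULN_SPECIFIC = re.compile(rb"GET /known-bad-cgi\?arg=")

# Symptom signature: a long run of single-byte x86 NOPs (0x90), a padding
# pattern seen in front of injected code whatever flaw delivered it.
# Assumed threshold; short runs also occur in benign binary data.
MIN_SLED = 32


def longest_nop_run(payload: bytes) -> int:
    """Return the length of the longest run of 0x90 bytes in payload."""
    best = cur = 0
    for b in payload:
        cur = cur + 1 if b == 0x90 else 0
        best = max(best, cur)
    return best


def classify(payload: bytes) -> list:
    """Return the names of the signatures that fire on this payload."""
    alerts = []
    if VULN_SPECIFIC.search(payload):
        alerts.append("vuln-specific")
    if longest_nop_run(payload) >= MIN_SLED:
        alerts.append("nop-sled")
    return alerts


# Constructed sample payloads (no real exploit content).
KNOWN = b"GET /known-bad-cgi?arg=AAAA HTTP/1.0\r\n\r\n"
UNKNOWN = b"USER " + b"\x90" * 64 + b"\xcc" * 8 + b"\r\n"  # uncatalogued flaw
BENIGN = b"GET /index.html HTTP/1.0\r\n\r\n"
SHORT_RUN = b"\x00\x01" + b"\x90" * 8 + b"\x02"  # below threshold, no alert

if __name__ == "__main__":
    for name, p in [("known", KNOWN), ("unknown", UNKNOWN),
                    ("benign", BENIGN), ("short", SHORT_RUN)]:
        print(name, classify(p))
```

The symptom check is a heuristic: padding built from other instructions will not match it, and lowering the threshold raises false positives on binary transfers.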

