RE: SQL injection

["Todd Towles" <toddtowles () brookshires com>]

Well, Sig based detection is that that sig based. So I am sure that new
attacks or old attacks may be able to bypass most IDS/IPS with various
techinques. But no IDS or IPS system is perfect. No firewall or AV is
perfect. We are talking about protection - nothing is 100% secure.
Blocking the basic SQL injection attack is better than nothing at all.

> -----Original Message-----
> From: jriden () it029205 massey ac nz 
> [mailto:jriden () it029205 massey ac nz] On Behalf Of James Riden
> Sent: Thursday, June 09, 2005 10:01 PM
> To: Tim
> Cc: pen-test () securityfocus com
> Subject: Re: SQL injection
>
> Tim <tim-pentest () sentinelchicken org> writes:
>
> > I am sure many IPS/IDSes are great for stopping a lot of 
> attacks.  I 
> > find it incredibly hard to believe that they stop all.  It is far 
> > better to write good code in the first place.
>
> Definitely true.
>  
> > To those people out there who recommended this or that IPS/IDS:  
> > Have you tested these against real attacks?  
>
> Yes, I've caught real attacks using snort with the bleeding 
> rules. As you say, perhaps only the obvious ones though 
> ("xp_cmdshell").
>
> --
> James Riden / j.riden () massey ac nz / Systems Security 
> Engineer GPG public key available at: 
> http://www.massey.ac.nz/~jriden/ This post does not 
> necessarily represent the views of my employer.