On Mon, 22 Sep 2003 14:13:44 PDT, security snot said: > "Detect intrusions" - if you can set an IDS signature for something, then > you shouldn't be vulnerable to it. So the functionality of IDS is to tell > you when you've been compromised by six-month old public vulnerabilities > that dvdman has finally gotten his hands on an exploit for, that you never > bothered to patch for? No, the functionality of an IDS is to tell you that somebody just pointed the exploit at you and (hopefully) failed to get in. Consider the unexplained theft of valuables from a bank vault. The surveillance camera may not show how they actually got it, but when you're looking for suspects, a good place to start would be those 3 guys who spent a half hour trying to do the lock on the door earlier that night..... > Useless. Hammers are useless for driving screws. Almost every tool is useless when used by somebody who doesn't understand it.
Attachment:
pgp00063.pgp
Description: PGP signature