[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Is Marty Lying?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Is Marty Lying?
- From: Justin <justin-fulldisclosure@xxxxxxxx>
- Date: Tue, 23 Sep 2003 14:47:21 +0000
Florin Andrei (2003-09-22 23:25Z) wrote:
> On Mon, 2003-09-22 at 14:13, security snot wrote:
> > "Detect intrusions" - if you can set an IDS signature for something, then
> > you shouldn't be vulnerable to it. So the functionality of IDS is to tell
> > you when you've been compromised by six-month old public vulnerabilities
> > that dvdman has finally gotten his hands on an exploit for, that you never
> > bothered to patch for?
>
> True, in an ideal world.
> However, in the _real_ one, things are slightly different. Especially on
> large networks (> thousands of systems), funny things start to happen.
Not even true in the ideal world. You can add IDS sigs for symptoms of
breakins (e.g. shellcode) rather than vuln-specific signatures. But
perhaps security snot has some magical cure for every possible
unidentified remote security flaw?
--
No man is clever enough to Times are bad. Children no longer
know all the evil he does. obey their parents, and everyone
-Francois de la Rochefoucauld is writing a book. -Cicero
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html