[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: signatures for Oracle Alert 68

To: "Antonio Javier G. M." <legion@xxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Re: signatures for Oracle Alert 68
From: Valdis.Kletnieks@xxxxxx
Date: Tue, 23 Nov 2004 14:47:17 -0500

On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
> We need signatures for IDS/IDP for Oracle's alert 68.
> How can we protect against these attacks if we can not apply patches in some 
> platforms? 

Just a reminder for everybody and the archives - unless you're using some sort
of firewall appliance that doesn't pass a packet that triggers a signature,
having a signature doesn't actually protect you.

If you're just using Snort, and it coughs up a "Signature for Oracle 68"
message, it's *too late*.  That's not a condom, that's the doctor telling you
the test came back positive.

(An amazing number of people manage to get confused on this point, and probably
get hacked as a result....)

Attachment: pgp00110.pgp
Description: PGP signature

Follow-Ups:
- [Full-Disclosure] Re: signatures for Oracle Alert 68
  - From: Antonio Javier G. M.

References:
- [Full-Disclosure] HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com
  - From: http-equiv@xxxxxxxxxx
- Re: [Full-Disclosure] HAPPY BIRTHDAY: Yahoo & AmericanGreetings.com
  - From: john morris
- [Full-Disclosure] Re: signatures for Oracle Alert 68
  - From: Antonio Javier G. M.

Prev by Date: Re: [Full-Disclosure] Why is IRC still around?
Next by Date: [Full-Disclosure] Prozilla Remote Exploit
Previous by thread: [Full-Disclosure] Re: signatures for Oracle Alert 68
Next by thread: [Full-Disclosure] Re: signatures for Oracle Alert 68
Index(es):
- Date
- Thread