[Full-Disclosure] Re: signatures for Oracle Alert 68
- To: Valdis.Kletnieks@xxxxxx
- Subject: [Full-Disclosure] Re: signatures for Oracle Alert 68
- From: "Antonio Javier G. M." <legion@xxxxxxxxxxxxxxx>
- Date: Wed, 24 Nov 2004 12:54:31 +0100
Valdis.Kletnieks@xxxxxx writes:

> On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
>
> > We need signatures for IDS/IDP for Oracle's alert 68.
                           ^^^^^^^^

Just a reminder for everybody and the archives - In fact the question was
very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS
are condoms, not doctors, for example NetScreen IDP and NAI IPS, and the last
version of Snort (based on snort inline).

> > How can we protect against these attacks if we cannot apply patches in some
> > platforms?
>
> Just a reminder for everybody and the archives - unless you're using some sort
> of firewall appliance that doesn't pass a packet that triggers a signature,
> having a signature doesn't actually protect you.
>
> If you're just using Snort, and it coughs up a "Signature for Oracle 68"
> message, it's *too late*. That's not a condom, that's the doctor telling you
> the test came back positive.
>
> (An amazing number of people manage to get confused on this point, and probably
> get hacked as a result....)

We really know what we are talking about. Please use Google to search for
IDP or IPS technologies and snortinline.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html