[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: signatures for Oracle Alert 68





Valdis.Kletnieks@xxxxxx writes:

On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
We need signatures for IDS/IDP for Oracle's alert 68.
^^^^^^^^
Just a reminder for everybody an the archives - In fact the question was very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS are condoms, not doctors, for example netscreen IDP and Nai IPS, an the last version of snort (based on snort inline).




How can we protect against these attacks if we can not apply patches in some platforms?

Just a reminder for everybody and the archives - unless you're using some sort
of firewall appliance that doesn't pass a packet that triggers a signature,
having a signature doesn't actually protect you.


If you're just using Snort, and it coughs up a "Signature for Oracle 68"
message, it's *too late*. That's not a condom, that's the doctor telling you
the test came back positive.


(An amazing number of people manage to get confused on this point, and probably
get hacked as a result....)



We really know what are we talking about. Please, use google to search for IDP or IPS technologies and snortinline.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html