On Sat, 13 May 2006 15:35:22 +0200, Roman Medina-Heigl Hernandez said: > even accessed if the network were propperly segmented/firewalled. Or my > IDS noticed the 0day exploitation (not very sure of this }:-)). An IDS can almost never spot a 0day for the same reason almost all A/V solutions can't spot new viruses - if it's not in the templates, it's not malware it recognizes. If you're lucky, the attack packet is produced by something like Metasploit, and your IDS trips on the payload rather than the exploit part of the package. On the other hand, I'll guesstimate that most of thet time it doesn't matter in any real sense, since probably 90% of the sites that install a firewall or IDS then use that as an Alfred E Newman "Me worry?" excuse and don't patch their systems (leading to Marcus Ranum's "Hard crunchy outside, soft chewy inside" description of security). And then of course, the McSE (you want fries with that?) that "managed" the firewall/IDS moves on, so it's not getting updated either.....
Attachment:
pgpP01wwKU0DH.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/