Open Source and information security mailing list archives
 
Message-ID: <Pine.LNX.4.58.0309221412290.25645@cia.zemos.net>
From: booger at unixclan.net (security snot)
Subject: Is Marty Lying?

"Detect intrusions" - if you can set an IDS signature for something, then
you shouldn't be vulnerable to it.  So the functionality of IDS is to tell
you when you've been compromised by six-month-old public vulnerabilities
that dvdman has finally gotten his hands on an exploit for, that you never
bothered to patch for?

Useless.

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Mon, 22 Sep 2003, Gregory A. Gilliss wrote:

> Peter:
>
> Intrusion Detection systems are designed to detect intrusions. Period.
> No one AFAIK has yet developed the Intrusion Prediction system. If you
> have an alpha version lying around, pls respond with a link. I'm sure
> that you will quickly be deluged with download requests =;^)
>
> Reactive is the nature of the beast, a point that has been rehashed many
> many times here and elsewhere. No finite state machine can anticipate or
> detect the virus that I am right now writing, unless I foolishly make part
> of the binary match an existing sig. There will *always* be a latency
> between action and response. One of the things that people on this list
> do is attempt to assist each other in minimizing that latency.
>
> Now, if we could only get some of the vendors onboard >-)
>
> G
>
> On or about 2003.09.22 21:23:52 +0000, Peter Busser (peter@...steddebian.org) said:
>
> > Hi!
> >
> > > > 3) Why the fuck do people still think signature-based IDS is worthwhile?
> > > Give us another solution. Are you saying anomaly based ids signatures are
> > > _worthwhile_?
> >
> > The problem with IDS systems is the same problem that currently available
> > virus scanners have: They work reactively and not proactively.
> >
> > Making machines harder to break into and improving ways to enforce a security
> > policy (e.g. by using Mandatory Access Control (MAC)) would be one way to
> > proactively deal with security.
>
> --
> Gregory A. Gilliss, CISSP                             Telephone: 1 650 872 2420
> Computer Engineering                                   E-mail: greg@...liss.com
> Computer Security                                                ICQ: 123710561
> Software Development                          WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

