Message-ID: <Pine.LNX.4.58.0309221412290.25645@cia.zemos.net>
From: booger at unixclan.net (security snot)
Subject: Is Marty Lying?
"Detect intrusions" - if you can set an IDS signature for something, then
you shouldn't be vulnerable to it. So the functionality of IDS is to tell
you when you've been compromised by six-month-old public vulnerabilities
that dvdman has finally gotten his hands on an exploit for, that you never
bothered to patch for?
Useless.
-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------
On Mon, 22 Sep 2003, Gregory A. Gilliss wrote:
> Peter:
>
> Intrusion Detection systems are designed to detect intrusions. Period.
> No one AFAIK has yet developed the Intrusion Prediction system. If you
> have an alpha version lying around, pls respond with a link. I'm sure
> that you will quickly be deluged with download requests =;^)
>
> Reactive is the nature of the beast, a point that has been rehashed many
> many times here and elsewhere. No finite state machine can anticipate or
> detect the virus that I am right now writing, unless I foolishly make part
> of the binary match an existing sig. There will *always* be a latency
> between action and response. One of the things that people on this list
> do is attempt to assist each other in minimizing that latency.
>
> Now, if we could only get some of the vendors onboard >-)
>
> G
>
> On or about 2003.09.22 21:23:52 +0000, Peter Busser (peter@...steddebian.org) said:
>
> > Hi!
> >
> > > > 3) Why the fuck do people still think signature-based IDS is worthwhile?
> > > Give us another solution. Are you saying anomaly based ids signatures are
> > > _worthwhile_?
> >
> > The problem with IDS systems is the same problem that currently available
> > virus scanners have: They work reactively and not proactively.
> >
> > Making machines harder to break into and improving ways to enforce a security
> > policy (e.g. by using Mandatory Access Control (MAC)) would be one way to
> > proactively deal with security.
>
> --
> Gregory A. Gilliss, CISSP Telephone: 1 650 872 2420
> Computer Engineering E-mail: greg@...liss.com
> Computer Security ICQ: 123710561
> Software Development WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
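The two claims traded in this thread (a signature only fires on what it was written to match, and an attacker who avoids the matched bytes walks past it) are easy to see in code. The following is an added example, not code from any poster or from any real IDS: a toy byte-pattern detector run over a few constructed HTTP request lines. The signature names, the samples and the `normalize` helper are all made up for illustration; the only library call is `urllib.parse.unquote_to_bytes` from the Python standard library.

```python
import re
from urllib.parse import unquote_to_bytes

# Toy signature set, written after the fact for attacks already seen.
# Illustrative names only; these are not real IDS rules.
SIGNATURES = {
    "dir-traversal": re.compile(rb"\.\./\.\./"),
    "cmd-exe": re.compile(rb"cmd\.exe"),
}


def normalize(payload: bytes) -> bytes:
    """Undo the cheap encodings that dodge a plain byte match:
    percent-decode twice (so %252e -> %2e -> .) and fold case."""
    for _ in range(2):
        payload = unquote_to_bytes(payload)
    return payload.lower()


def match_signatures(payload: bytes, normalize_first: bool = False) -> list[str]:
    """Return the names of every signature that matches the payload.
    With normalize_first=False this is the naive 'grep the wire' detector."""
    data = normalize(payload) if normalize_first else payload
    return [name for name, rx in SIGNATURES.items() if rx.search(data)]


# Constructed request lines for the demo (not captured traffic).
SAMPLES = {
    "known":   b"GET /../../etc/passwd HTTP/1.0",                  # exactly what the sig was written for
    "encoded": b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.0",          # same request, percent-encoded
    "double":  b"GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.0",  # double-encoded
    "case":    b"GET /scripts/CMD.EXE?/c+dir HTTP/1.0",            # case change beats a case-sensitive sig
    "novel":   b"GET /..\\..\\boot.ini HTTP/1.0",                  # traversal form no signature covers
}


def scan(samples=SAMPLES, normalize_first: bool = False) -> dict[str, list[str]]:
    """Run every sample through the detector and report what fired."""
    return {name: match_signatures(p, normalize_first) for name, p in samples.items()}


if __name__ == "__main__":
    print("raw:       ", scan())
    print("normalized:", scan(normalize_first=True))
```

The raw scan fires only on the "known" sample; decoding and case-folding before matching recovers the encoded, double-encoded and upper-case variants, which is the kind of latency reduction Gilliss describes. The "novel" sample fires in neither mode: a signature set is a list of things already seen, and nothing in it anticipates a variant its authors did not write down.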