[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20030923144721.GB1563@dreams.soze.net>
From: justin-fulldisclosure at soze.net (Justin)
Subject: Is Marty Lying?
Florin Andrei (2003-09-22 23:25Z) wrote:
> On Mon, 2003-09-22 at 14:13, security snot wrote:
> > "Detect intrusions" - if you can set an IDS signature for something, then
> > you shouldn't be vulnerable to it. So the functionality of IDS is to tell
> > you when you've been compromised by six-month old public vulnerabilities
> > that dvdman has finally gotten his hands on an exploit for, that you never
> > bothered to patch for?
>
> True, in an ideal world.
> However, in the _real_ one, things are slightly different. Especially on
> large networks (> thousands of systems), funny things start to happen.
Not even true in the ideal world. You can add IDS sigs for symptoms of
breakins (e.g. shellcode) rather than vuln-specific signatures. But
perhaps security snot has some magical cure for every possible
unidentified remote security flaw?
--
No man is clever enough to Times are bad. Children no longer
know all the evil he does. obey their parents, and everyone
-Francois de la Rochefoucauld is writing a book. -Cicero
Powered by blists - more mailing lists