lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20041124115431.13462.qmail@orodruin.tierramedia.org>
From: legion at tierramedia.org (Antonio Javier G. M.)
Subject: Re: signatures for Oracle Alert 68

 

Valdis.Kletnieks@...edu writes: 

> On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
>> We need signatures for IDS/IDP for Oracle's alert 68.
                         ^^^^^^^^
Just a reminder for everybody an the archives - In fact the question was 
very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS 
are condoms, not doctors, for example netscreen IDP and Nai IPS, an the last 
version of snort (based on snort inline). 

 

>> How can we protect against these attacks if we can not apply patches in some 
>> platforms? 
> 
> Just a reminder for everybody and the archives - unless you're using some sort
> of firewall appliance that doesn't pass a packet that triggers a signature,
> having a signature doesn't actually protect you. 
> 
> If you're just using Snort, and it coughs up a "Signature for Oracle 68"
> message, it's *too late*.  That's not a condom, that's the doctor telling you
> the test came back positive. 
> 
> (An amazing number of people manage to get confused on this point, and probably
> get hacked as a result....) 
> 

We really know what are we talking about. Please, use google to search for 
IDP or IPS technologies and snortinline.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ