Bugtraq mailing list archives
Re: Fwd: Information on MS99-022
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Sun, 4 Jul 1999 22:36:20 +1000
In some mail from Vanja Hrustic, sie said:
I haven't seen this on the Bugtraq, but it's very interesting...
[...]
So, if I have my custom-developed IDS running, I won't be able to implement a pattern for this, because I am not a member of 'Intrusion Detection Consortium'? Note the words... "This will allow security vendors to have access to the information..." - why only security vendors? What better they are than Bugtraq folks?
bugtraq is not _only_ for security vendors. It's open to the unwashed masses, if you get my drift. I'm sure the ICSA IDS vendors are quite happy with this approach :)
"Security through obscurity" comes to mind...
I would hazard a guess that the number of custom IDS systems in place is a small number, so if you compare the number of hackers who would gain information on how to exploit this feature and otherwise wouldn't (i.e. script kiddies) and weigh that against those that run custom IDS solutions, I think the scales will tip in favour of the script kiddies. I say that because if you have your own IDS system, chances are you've built it on a Unix system and hence run Unix elsewhere through your firewall, etc, and wouldn't need to worry about this threat because you don't have IIS4.0 on any critical systems. Does that make some sense ? Darren
Current thread:
- Re: Fwd: Information on MS99-022, (continued)
- Re: Fwd: Information on MS99-022 Renaud Deraison (Jul 03)
- Re: Fwd: Information on MS99-022 Darren Reed (Jul 04)
- Re: Fwd: Information on MS99-022 Renaud Deraison (Jul 05)
- Re: Fwd: Information on MS99-022 Darren Reed (Jul 05)
- IGMP fragmentation bug in Windows 98/2000 Coolio (Jul 03)
- Re: IGMP fragmentation bug in Windows 98/2000 Steve (Jul 08)
- PR from MS about BO2K Christopher Schulte (Jul 10)
- ip stack bug in windows kod.c(kiss of death) klepto (Jul 03)
- Re: Fwd: Information on MS99-022 Renaud Deraison (Jul 05)
- Re: Fwd: Information on MS99-022 Darren Reed (Jul 04)
- Re: Fwd: Information on MS99-022 Renaud Deraison (Jul 03)
- Re: Fwd: Information on MS99-022 Vanja Hrustic (Jul 04)
- Re: Fwd: Information on MS99-022 Mike C. (Jul 04)