Dailydave mailing list archives

RE: Britney and Kevin are Chaotic


From: "El Nahual" <nahual () g-con org>
Date: Fri, 27 May 2005 00:14:49 -0500

Fastly and stupidly saying, there is a nice solution to stop all malware and
viruses and BDs: sign your shit and get anal on getting it to work. You can
check out the stuff on www.se46.se; we are coding the Unix version of it (so I
won't get that tramped once it gets known)

But hey, works nice, better safe than sorry. If you don't let any binaries
run, at least it will stop you from BDs and weird behaviour from stupid coding
(aka bug stuff and memory related stuff). PaX can get ya safe enough?
(www.ngsec.com has a wintendo version of PaX)

//Nahual

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Andrew R.
Reiter
Sent: Friday, May 27, 2005 12:07 AM
To: byte_jump
Cc: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Britney and Kevin are Chaotic

On Thu, 26 May 2005, byte_jump wrote:

:The cost of rolling out a Tripwire or Tripwire-like solution to
:desktops in even a medium-sized enterprise would be out of this world
:compared to a couple of well placed NIDS, but I believe the two meet
:different goals.
:
:I don't think one can rely on a NIDS to provide the level of detection
:that Tripwire can, and vice versa. For example, a NIDS would not
:likely detect a private, zero-day exploit against an Apache server
:while Tripwire may detect the alteration of files (maybe not). I think
:PaX or something like that would be more useful in that regard, but
:the two would complement each other.
:
:On the other hand, it's not likely that Tripwire would detect that two
:desktops are acting as their own SMTP servers to send mail - though a
:NIDS could.
:
:Again, trying to roll out something like Tripwire or PaX on an
:enterprise network is next to impossible - and what do you do with all
:of your Windows desktops?
:
:Examples of what NIDS would be useful for, in my opinion, would be:
:- Detect anomalous SMTP servers on the network.
:- Detect unauthorized DNS or DHCP servers on a network.
:- Detect IRC traffic.
:- Detect traffic above a certain threshold.
:- Detect an unsolicited ICMP echo reply or other potential covert channels.
:
:There are other examples, but those quickly come to mind.

Mmm; I love how these products exist and people are ignorant of them.

:
:On 5/26/05, Adam Shostack <adam () homeport org> wrote:
:> 
:> Really?  Why not tripwire a few hosts?  Or wait for something bad to
:> happen?
:> 
:> Can you show me that spending on an IDS really leads to lower incident
:> handling costs?  (I suspect that it could, but have no data.)
:> 
:> Adam
:>
:_______________________________________________
:Dailydave mailing list
:Dailydave () lists immunitysec com
:https://lists.immunitysec.com/mailman/listinfo/dailydave
:
:

--
Andrew R. Reiter
arr () watson org