Firewall Wizards mailing list archives
Re: Important Comments re: INtrusion Detection
From: Aleph One <aleph1 () dfw dfw net>
Date: Sun, 15 Feb 1998 02:06:28 -0600 (CST)
On Sat, 14 Feb 1998, Steve Bellovin wrote:
The most serious problem, of course, is that there is no a priori reason to think that the IDS's stack is bug-free. And if you penetrate it, you've acquired control of a machine that is by definition a perfect sniffer -- for the dark side...
But this is the case of non-proxy IDS's (or any other network program [e.g. firewalls]) right now as well. The new architecture does not change this. Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Current thread:
- Re: Important Comments re: INtrusion Detection, (continued)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 17)
- Re: Important Comments re: INtrusion Detection Doug Hughes (Feb 18)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 14)
- Re: Important Comments re: INtrusion Detection marc (Feb 14)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 14)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 15)
- Re: Important Comments re: INtrusion Detection marc (Feb 15)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 15)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 15)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 16)
- Re: Important Comments re: INtrusion Detection tqbf (Feb 16)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 16)
- Re: Important Comments re: INtrusion Detection Darren Reed (Feb 16)
- Re: Important Comments re: INtrusion Detection Steven M. Bellovin (Feb 16)
- Re: Important Comments re: INtrusion Detection Aleph One (Feb 16)
- Re: Important Comments re: INtrusion Detection Paul D. Robertson (Feb 16)