IDS mailing list archives
Re: Cisco CTR
From: Petr Ruzicka <pruzicka () openbsd cz>
Date: Sat, 8 Nov 2003 03:24:27 +0000
Hi,

Liran Chen [liranil () optonline net] wrote:
> 2. CTR is a kind of Nessus or NMAP that checks the offended host?

AFAIK CTR will nmap the offended host in the first phase and check the OS. If, at the present time, the OS is M$ Win, then in the second phase CTR will, if it can, log in to the offended host, check whether the attack succeeded, and let you know.

1. You have to give CTR access to your NT host.
2. If the attack was successful, Cisco IDS did know about it, as it has signatures, so the potential exploit was known, as was the bug. So you should fix and patch that bug anyway (via Windows Update, CVS etc.). If the bug was/is unknown to the IDS, CTR will not notice, as it has no signature for it, and CTR doesn't matter.

Petr R.