IDS mailing list archives
RE: Cisco CTR
From: "Alan Shimel" <alan () latis com>
Date: Fri, 7 Nov 2003 08:25:29 -0700
Our product Border Guard release 4.2 has the same functionality built in now. We actually block the attacks based on two criteria:

1. Is the attack aimed at an accessible device (device at destination IP and port open)?
2. Does that device have the vulnerability that this attack exploits?

I would be interested to hear from Rob and some of the others out there how that differs from what Cisco is offering in beta now. I think being proactive in blocking attacks at known vulnerable devices is preferred.

alan

Alan Shimel
VP of Sales & Business Development
Latis Networks, Inc.
303-381-3815 Direct
303-381-3881 Fax
516-857-7409 Mobile
www.stillsecure.com
Reducing your risk has never been this easy. . . .

The information transmitted is intended only for the person to which it is addressed and may contain confidential material. Review or other use of this information by persons other than the intended recipient is prohibited. If you've received this in error, please contact the sender and delete from any computer.

-----Original Message-----
From: Rob Shein [mailto:shoten () starpower net]
Sent: Thursday, November 06, 2003 3:56 PM
To: 'Gary Flynn'
Cc: 'Liran Chen'; focus-ids () securityfocus com
Subject: RE: Cisco CTR

Yes, but nobody patches it THAT quickly. CTR acts immediately, not a half-hour later...it would have started scanning by the time the hacker at the other end notices that he has a shell...
-----Original Message-----
From: Gary Flynn [mailto:flynngn () jmu edu]
Sent: Thursday, November 06, 2003 5:58 PM
To: Rob Shein
Cc: 'Liran Chen'; focus-ids () securityfocus com
Subject: Re: Cisco CTR

Rob Shein wrote:

> I think this largely relates to the earlier discussion about how there
> is a difference between a "false positive" and an actual attack that
> fails to succeed. Ask yourself this: are you going to want to know
> about all attacks or just those that have a chance of success? If
> someone throws IIS attacks at your Apache web server, do you want to
> know about it...or do you want to wait until they start using
> Apache-compatible exploits? There's a good summary of what CTR does
> here: http://www.cisco.com/en/US/products/sw/secursw/ps5054/

Another thing to think about - some folks have a habit of patching the hole they came in through. Just because a vulnerability scan shows no vulnerability it does not mean an attack was unsuccessful.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
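
The alert triage discussed in the messages above, as an added example that is not part of the original thread and is not Border Guard or Cisco CTR code: it applies the two criteria (port open, host has the flaw) to scan results and, following Gary Flynn's caveat, does not treat a clean scan taken after the alert as proof the attack failed. The data model, verdict names and sample values are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Scan:
    taken: datetime   # when the vulnerability scan ran
    open_ports: set   # TCP ports found open
    vulns: set        # vulnerability labels the scanner reported

def exposed(scan, alert):
    """Both criteria from the thread: port open AND host has the flaw."""
    return alert["port"] in scan.open_ports and alert["vuln"] in scan.vulns

def triage(alert, inventory):
    """Classify one IDS alert against the target's scan history (oldest first)."""
    history = inventory.get(alert["dst"], [])
    before = [s for s in history if s.taken <= alert["time"]]
    after = [s for s in history if s.taken > alert["time"]]
    if before:
        if not exposed(before[-1], alert):
            return "not-applicable"   # e.g. IIS exploit sent to an Apache host
        if after and not exposed(after[-1], alert):
            return "review-host"      # flaw disappeared after the attack arrived
        return "actionable"
    # Only post-attack scans: a clean result does not prove the attack failed.
    if any(exposed(s, alert) for s in after):
        return "actionable"
    return "inconclusive"

# Constructed sample data (hosts, times and the vulnerability label are made up).
T = datetime(2003, 11, 6, 12, 0)
HOUR = timedelta(hours=1)
FLAW = "EXAMPLE-IIS-FLAW"
INVENTORY = {
    "10.0.0.1": [Scan(T - HOUR, {80}, {FLAW})],
    "10.0.0.2": [Scan(T - HOUR, {80}, set())],
    "10.0.0.3": [Scan(T - HOUR, {80}, {FLAW}), Scan(T + HOUR, {80}, set())],
    "10.0.0.4": [Scan(T + HOUR, {80}, set())],
}

def alert_for(dst):
    return {"dst": dst, "port": 80, "vuln": FLAW, "time": T}

if __name__ == "__main__":
    for host in INVENTORY:
        print(host, triage(alert_for(host), INVENTORY))
```
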