IDS mailing list archives
Re: Cisco CTR
From: Renaud Deraison <deraison () nessus org>
Date: Mon, 10 Nov 2003 09:39:01 -0500
On Fri, Nov 07, 2003 at 11:13:55AM -0500, Rob Shein wrote:
There's nothing unsubstantiated about it at all. Look at the code for some of the exploits, actually READ the code. Few of them have patches, and more to the point, all of the good ones are meant to be small.
Many exploits will disable the targeted service - rpc.yppasswdd, rpc.statd and even the MS SQL sapphire worm come to mind - and the IDS will find itself facing a closed port when doing its post-attack probe. What happens in that case? Will the IDS log that attack as being a false positive?

-- Renaud

--
Renaud Deraison
http://www.nessus.org
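The case raised in this message, as an added example that is not part of the original post and not the logic of any product discussed in the thread: a triage step that compares the post-attack probe with a pre-attack port inventory, so that a service which was up before the alert and is closed afterwards gets escalated instead of dismissed. The alert fields, the baseline inventory and the naive rule are assumptions, and the sample data is constructed.

```python
from enum import Enum

class Verdict(Enum):
    SERVICE_DOWN = "open before the alert, closed after: escalate"
    STILL_OPEN = "port still answers: outcome needs further checks"
    NOT_EXPOSED = "port was already closed before the alert"
    NO_BASELINE = "no pre-attack record: cannot dismiss"

def naive_is_false_positive(alert):
    """Hypothetical rule: a closed port at probe time means the attack was harmless."""
    return not alert["probe_open"]

def classify(alert, baseline):
    """Compare the post-attack probe with the state recorded before the alert."""
    if alert["probe_open"]:
        return Verdict.STILL_OPEN
    # baseline.get() returns None when the host/port was never inventoried
    was_open = baseline.get((alert["dst"], alert["proto"], alert["port"]))
    if was_open is True:
        return Verdict.SERVICE_DOWN
    if was_open is False:
        return Verdict.NOT_EXPOSED
    return Verdict.NO_BASELINE

def wrongly_dismissed(alerts, baseline):
    """Alerts the naive rule drops although the service vanished after the attack."""
    return [a for a in alerts
            if naive_is_false_positive(a)
            and classify(a, baseline) is Verdict.SERVICE_DOWN]

# Constructed sample data: documentation-range addresses, made-up RPC ports.
BASELINE = {
    ("192.0.2.10", "udp", 1434): True,
    ("192.0.2.11", "udp", 32770): True,
    ("192.0.2.12", "udp", 1434): False,
}
ALERTS = [
    {"sig": "MS SQL sapphire worm", "dst": "192.0.2.10", "proto": "udp", "port": 1434, "probe_open": False},
    {"sig": "rpc.statd exploit", "dst": "192.0.2.11", "proto": "udp", "port": 32770, "probe_open": True},
    {"sig": "MS SQL sapphire worm", "dst": "192.0.2.12", "proto": "udp", "port": 1434, "probe_open": False},
    {"sig": "rpc.yppasswdd exploit", "dst": "192.0.2.13", "proto": "udp", "port": 32771, "probe_open": False},
]

if __name__ == "__main__":
    for a in ALERTS:
        print(a["sig"], a["dst"], "->", classify(a, BASELINE).name)
```

Of the three alerts the naive rule would log as false positives, only one targets a port that was already closed; one hits a service that disappeared after the attack and one has no baseline at all.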