IDS mailing list archives

ssh and ids

From: "Runion Mark A FGA DOIM WEBMASTER(ctr)" <mark.runion () us army mil>
Date: Fri, 18 Jun 2004 18:18:54 -0000

Lets suppose the attacker is mildly sophisticated, and after making the
initial assault roots the box and installs a secure backdoor or two.  Is
there any IDS capable of isolating data it cannot read, except to monitor
authorized port usage of a system or group of systems?  Not to complicate
the question, but when the attacker is using portal gates and all
communications traffic is encrypted in normal channels how can an IDS
participate?  Monitoring normal traffic patterns seems a bit slow for
detection.

-
Mark Runion 


---------------------------------------------------------------------------

---------------------------------------------------------------------------

Current thread:

ssh and ids Runion Mark A FGA DOIM WEBMASTER(ctr) (Jun 18)
- Re: ssh and ids Adam Powers (Jun 21)
- Re: ssh and ids Martin Roesch (Jun 21)
  - Re: ssh and ids Tony Carter (Jun 22)
  - Re: ssh and ids Jason (Jun 22)
  - Re: ssh and ids Adam Powers (Jun 22)
    - Re: ssh and ids Martin Roesch (Jun 23)
    - Re: ssh and ids Christian Kreibich (Jun 24)
- Re: ssh and ids Gary Flynn (Jun 21)
  - Re: ssh and ids Frank Knobbe (Jun 22)
    - Re: ssh and ids Bamm Visscher (Jun 23)

(Thread continues...)