"Detect intrusions" - if you can set an IDS signature for something, then you shouldn't be vulnerable to it. So the functionality of IDS is to tell you when you've been compromised by six-month-old public vulnerabilities that dvdman has finally gotten his hands on an exploit for, that you never bothered to patch for?
Useless.

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Mon, 22 Sep 2003, Gregory A. Gilliss wrote:

> Peter:
>
> Intrusion Detection systems are designed to detect intrusions. Period.
> No one AFAIK has yet developed the Intrusion Prediction system. If you
> have an alpha version lying around, pls respond with a link. I'm sure
> that you will quickly be deluged with download requests =;^)
>
> Reactive is the nature of the beast, a point that has been rehashed many
> many times here and elsewhere. No finite state machine can anticipate or
> detect the virus that I am right now writing, unless I foolishly make part
> of the binary match an existing sig. There will *always* be a latency
> between action and response. One of the things that people on this list
> do is attempt to assist each other in minimizing that latency.
>
> Now, if we could only get some of the vendors onboard >-)
>
> G
>
> On or about 2003.09.22 21:23:52 +0000, Peter Busser ([EMAIL PROTECTED]) said:
>
> > Hi!
> >
> > > > 3) Why the fuck do people still think signature-based IDS is worthwhile?
> > > Give us another solution. Are you saying anomaly based ids signatures are
> > > _worthwhile_?
> >
> > The problem with IDS systems is the same problem that currently available
> > virus scanners have: They work reactive and not proactive.
> >
> > Making machines harder to break into and improve ways to enforce a security
> > policy (e.g. by using Mandatory Access Control (MAC)) would be one way to
> > proactively deal with security.
>
> --
> Gregory A. Gilliss, CISSP                Telephone: 1 650 872 2420
> Computer Engineering                     E-mail: [EMAIL PROTECTED]
> Computer Security                        ICQ: 123710561
> Software Development                     WWW: http://www.gilliss.com/greg/
> PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
