On Mon, 2003-09-22 at 14:13, security snot wrote: > "Detect intrusions" - if you can set an IDS signature for something, then > you shouldn't be vulnerable to it. So the functionality of IDS is to tell > you when you've been compromised by six-month old public vulnerabilities > that dvdman has finally gotten his hands on an exploit for, that you never > bothered to patch for?
True, in an ideal world. However, in the _real_ one, things are slightly different. Especially on large networks (> thousands of systems), funny things start to happen. Your p.o.v. is typical for someone who only has the experience of a mom'n'pop type of network. -- Florin Andrei http://florin.myip.org/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
