Florin Andrei (2003-09-22 23:25Z) wrote:
> On Mon, 2003-09-22 at 14:13, security snot wrote:
> > "Detect intrusions" - if you can set an IDS signature for something, then
> > you shouldn't be vulnerable to it. So the functionality of IDS is to tell
> > you when you've been compromised by six-month-old public vulnerabilities
> > that dvdman has finally gotten his hands on an exploit for, that you never
> > bothered to patch for?
>
> True, in an ideal world.
> However, in the _real_ one, things are slightly different. Especially on
> large networks (> thousands of systems), funny things start to happen.

Not even true in the ideal world. You can add IDS sigs for symptoms of
breakins (e.g. shellcode) rather than vuln-specific signatures. But perhaps
security snot has some magical cure for every possible unidentified remote
security flaw?

--
No man is clever enough to know all the evil he does.
-Francois de la Rochefoucauld

Times are bad. Children no longer obey their parents, and everyone is
writing a book.
-Cicero

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
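The distinction drawn in the reply above, between a signature for one known bug and a signature for a symptom of exploitation, is easy to see in a toy rule engine. The following Python is an added illustration, not code from the thread or from any IDS product; the rule names, the "SITE EXEC %p%p%p%p" request string and every payload are constructed sample data. The symptom rule uses the classic NOP-sled heuristic (a long run of 0x90 bytes) that Snort's shellcode rules have long relied on.

```python
"""
Toy IDS rule engine contrasting two kinds of signature:
  - "vuln":    matches one specific, already-public exploit string
  - "symptom": matches a generic sign of exploitation (an x86 NOP sled)
Every payload below is constructed for the example; none is real traffic.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str       # hypothetical rule name
    kind: str       # "vuln" or "symptom"
    pattern: bytes  # regex applied to the raw payload bytes


RULES = [
    # Vulnerability-specific: only fires on this one (made-up) exploit request.
    Rule("hypothetical-ftpd-overflow", "vuln", rb"SITE EXEC %p%p%p%p"),
    # Symptom-based: 32 or more consecutive 0x90 bytes, whatever the target bug.
    Rule("x86-nop-sled", "symptom", rb"\x90{32,}"),
]


def match_rules(payload: bytes, rules=RULES) -> list[str]:
    """Return the names of every rule whose pattern occurs in the payload."""
    return [r.name for r in rules if re.search(r.pattern, payload, re.DOTALL)]


def triage(payload: bytes, rules=RULES) -> str:
    """Summarise what the matching rules tell an analyst about the payload."""
    hits = set(match_rules(payload, rules))
    kinds = {r.kind for r in rules if r.name in hits}
    if "vuln" in kinds:
        return "known exploit"
    if "symptom" in kinds:
        return "suspected unknown exploit"
    return "no alert"


# Constructed sample payloads (not captured traffic).
KNOWN_EXPLOIT = b"USER ftp\r\nSITE EXEC %p%p%p%p" + b"\x90" * 64 + b"\xcc" * 8
NOVEL_EXPLOIT = b"GET /cgi-bin/unknown?" + b"\x90" * 48 + b"\xcc" * 4  # no vuln sig exists
BENIGN = b"GET /index.html HTTP/1.0\r\n\r\n"
# A short 0x90 run, as might appear inside a legitimately transferred binary:
# stays under the 32-byte threshold, so the sled rule does not fire.
BINARY_BLOB = b"MZ" + b"\x90" * 16 + b"\x00\x03\x00\x00"

if __name__ == "__main__":
    for label, payload in [("known", KNOWN_EXPLOIT), ("novel", NOVEL_EXPLOIT),
                           ("benign", BENIGN), ("binary", BINARY_BLOB)]:
        print(f"{label:7s} -> {match_rules(payload)} ({triage(payload)})")
```

The novel payload matches no vulnerability-specific rule, yet the symptom rule still raises an alert, which is the point of the reply. The threshold in the symptom rule is the practical trade-off: set it too low and ordinary binary content (executables, compressed files) trips it, which is why deployments often tune or disable sled rules on high-volume ports; set it too high and it misses more, and like any heuristic it can be evaded, so it supplements rather than replaces patching.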
