RE: Fate Research Labs posting: RealSecure or Real"un"Secure

Mon, 06 Nov 2000 21:08:25 -0800 


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

Audra -
         Please clarify your statement #1.  I am not aware of my ability to 
create a "signature" - I can create a custom filter that allows me to 
listen for a connection on a specific port to a destination.
         To the best of my knowledge, I can not, for example, have RS 
identify  a connection on port 25 that sends more than 255 characters after 
the "user" command is issued.

Please correct me if I'm mistaken -
         jld


At 03:35 PM 11/6/00 -0500, Eng, Audra wrote:

>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
>----------------------------------------------------------------------------
>
>We are getting ready to craft a response to this.  The Fate Research
>advisory is incorrect and there is no vulnerability described.
>
>1.  We do support user-defined signatures in RS
>
>2.  We released alerts for RDS and IIS Unicode
>
>User-defined signature for RDS hole, August 9, 1999:
>http://xforce.iss.net/alerts/advise32.php
>
>User-defined signature for Unicode hold, October 26, 2000:
>http://xforce.iss.net/alerts/advise68.php
>
>3.  The advisory describes a method for 'script kiddies' to detect
>RealSecure on port 2998.  When RS is in stealth mode, this is not possible
>
>4.  X-Force was not contacted to my knowledge about this vulnerability
>before it hit bugtraq.
>
>Audra Eng
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Monday, November 06, 2000 8:12 AM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Fate Research Labs posting: RealSecure or Real"un"Secure
>
>
>
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
>[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any
>problems!
>----------------------------------------------------------------------------
>
>http://www.f8labs.com>/f8-103100-realsecure.txt  Has anyone from ISS
>responded to this??

Reply via email to