It workd for NT based systems cuz of the array exe files in the source cmd.exe
not command.com as in windows 9x/me ----- Original Message ----- From: "Mark Crosbie" <[EMAIL PROTECTED]> To: "Carr, Aaron [CNTUS]" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, March 06, 2002 8:23 PM Subject: RE: IDS that retaliates. > On Wed, 2002-03-06 at 06:22, Carr, Aaron [CNTUS] wrote: > > You may wish to clarify your meaning of "retaliate". When I think > > As a HIDS we tend to think of "retaliation" (which is such an aggresive > term) more in terms of "recovery". So if someone deletes the password > file we can copy a recovery version off a CDROM. In some ways this is > real-time retaliation because you are thwarting the attackers as they > act. > > What good does retaliation really get you though (apart from a whole > load of legal headache)? Wouldn't "recovery" be a better goal to aim > for? > > Mark. > -- > Mark Crosbie IDS/9000 Product Architect > http://www.hp.com/security/products/ids > Hewlett-Packard MS 47 LA [EMAIL PROTECTED] > 19447 Pruneridge Avenue (408) 447-2308 > Cupertino, CA 95014 (408) 447-6766 FAX
