Re: Fwd: Information on MS99-022
Darren Reed (avalon COOMBS.ANU.EDU.AU)
Sun, 4 Jul 1999 22:36:20 +1000
In some mail from Vanja Hrustic, sie said:
>
> I haven't seen this on the Bugtraq, but it's very interesting...
[...]
> So, if I have my custom-developed IDS running, I won't be able to implement
> a pattern for this, because I am not a member of 'Intrusion Detection
> Consortium'?
>
> Note the words...
>
> "This will allow security vendors to have access to the information..." -
> why only security vendors? What better they are than Bugtraq folks?

bugtraq is not _only_ for security vendors. It's open to the unwashed
masses, if you get my drift. I'm sure the ICSA IDS vendors are quite
happy with this approach :)

> "Security through obscurity" comes to mind...

I would hazard a guess that the number of custom IDS systems in place is
a small number, so if you compare the number of hackers who would gain
information on how to exploit this feature and otherwise wouldn't (i.e.
script kiddies) and weigh that against those that run custom IDS solutions,
I think the scales will tip in favour of the script kiddies. I say that
because if you have your own IDS system, chances are you've built it on
a Unix system and hence run Unix elsewhere through your firewall, etc,
and wouldn't need to worry about this threat because you don't have IIS4.0
on any critical systems. Does that make some sense?

Darren
This archive was generated by hypermail 2.0b3 on Sun Jul 04 1999 - 06:44:48 CDT