Re: compromised machines

From: Jose Maria Lopez (jkerouaceresmas.com)
Date: Sat Aug 28 2004 - 11:58:57 CDT


On Fri, 27 Aug 2004 at 12:41, Harlan Carvey wrote:
> > We cleaned up all of these machines and rebuilt each of them from
> > scratch, with all the latest patches. The IDS/IPS at the edge of our
> > network does not seem to be catching the bots which are causing these.
>
> When you say IDS/IPS, which are you referring to? If
> IDS, remember...they are signature-based. One of the
> biggest problems with employing such a technology is
> not understanding that it only detects those things
> that it has signatures for...

He can try to find his own signatures with Ethereal or a similar program
and add them to the IDS/IPS. It's not easy, but it's a good solution to
catch the bots.
He can also try to get the Bleeding Edge rules if he's using Snort; it's
a set of rules not yet ready to be included in the main rule set, but
useful for catching new worms and similar annoyances.
The web site is: http://www.bleedingsnort.com

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouacbgsec.com
bgSEC Computer Systems Security and Consulting
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
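The reply above suggests deriving your own signatures from captured bot traffic and adding them to the IDS. The following is an added example, not code from the thread or from any of the projects it names: it takes a few payloads (constructed here, as one might extract from an Ethereal capture of several infected hosts), finds the longest byte sequence common to all of them, rejects candidates that are too short or that also occur in benign traffic, and emits the result as a Snort rule. The Snort syntax used (`content:` with `|hex|` escapes, `$HOME_NET`/`$EXTERNAL_NET`, `classtype:trojan-activity`) is standard; the SID 1000001 is an arbitrary placeholder in the local-rules range, and the `MIN_SIG_LEN` threshold is an assumed tuning value.

```python
"""Derive a candidate Snort content signature from captured bot payloads.

Added example for illustration only. All payloads below are constructed;
the SID is a placeholder from the local-rules range (>= 1000000).
"""
from typing import Optional, Sequence

# Constructed sample payloads from several infected hosts talking to
# their controller. The controller name, channel and key differ per host.
BOT_SAMPLES = [
    b"XCMD\x01\x02 join #c1 key=a7\r\n",
    b"XCMD\x01\x02 join #c7 key=zz\r\n",
    b"XCMD\x01\x02 join #c42 key=q\r\n",
]

# Constructed benign traffic used to check the candidate for false positives.
BENIGN_SAMPLES = [
    b"GET /index.html HTTP/1.0\r\n\r\n",
    b"NICK alice\r\nUSER alice 0 * :alice\r\n",
    b"XCMDS are not a thing here\r\n",
]

MIN_SIG_LEN = 8  # assumed threshold: shorter matches fire on unrelated traffic


def longest_common_substring(samples: Sequence[bytes]) -> bytes:
    """Return the longest byte string present in every sample.

    Brute force over substrings of the first sample, longest first; fine for
    the handful of short payloads one pulls out of a capture by hand.
    """
    if not samples:
        return b""
    first = samples[0]
    for length in range(len(first), 0, -1):
        for start in range(len(first) - length + 1):
            cand = first[start:start + length]
            if all(cand in s for s in samples[1:]):
                return cand
    return b""


def snort_content(sig: bytes) -> str:
    """Encode bytes as a Snort content string.

    Printable ASCII stays literal; non-printable bytes and the characters
    Snort treats specially inside content go into a |hex| run.
    """
    out: list = []
    hexrun: list = []

    def flush() -> None:
        if hexrun:
            out.append("|" + " ".join(hexrun) + "|")
            hexrun.clear()

    for b in sig:
        if 0x20 <= b < 0x7F and chr(b) not in '"|;\\':
            flush()
            out.append(chr(b))
        else:
            hexrun.append(f"{b:02X}")
    flush()
    return "".join(out)


def derive_signature(bot: Sequence[bytes], benign: Sequence[bytes]) -> Optional[bytes]:
    """Derive a signature; reject it if too short or if it hits benign traffic."""
    sig = longest_common_substring(bot)
    if len(sig) < MIN_SIG_LEN:
        return None
    if any(sig in b for b in benign):
        return None
    return sig


def build_rule(sig: bytes, sid: int = 1000001,
               msg: str = "LOCAL bot controller traffic") -> str:
    """Render a Snort alert rule for outbound traffic carrying the signature."""
    return (
        f'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"{msg}"; '
        f'content:"{snort_content(sig)}"; classtype:trojan-activity; '
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    signature = derive_signature(BOT_SAMPLES, BENIGN_SAMPLES)
    if signature is None:
        print("no usable signature: too short or matches benign samples")
    else:
        print(build_rule(signature))
```

Running the script prints a single rule whose content is `XCMD|01 02| join #c`, i.e. the fixed part of the command with the control bytes hex-escaped and the varying channel and key left out. The benign check is the part worth keeping in any real workflow: a signature that also matches ordinary traffic floods the console with false positives and gets disabled within a day.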