From: Nix (susenix.hispeed.com)
Date: Mon Jan 08 2001 - 18:07:13 CST


    At 09:25 PM 6/01/2001 +0000, you wrote:
    >Thomas,
    >Can you advise us of an IDS that doesn't suck?
    >I just use Linux at home so I'll probably keep using many things that suck,
    >at least to try to learn how they suck, but others may need to know
    >other IDS apps, for corporate use.
    >http://website.lineone.net/~offthecuff/HIDS.htm
    >(http://www.networkintrusion.co.uk)
    >
    >btw ... also much commercial stuff sucks, in this case vulnerability
    >scanners: http://www.nwc.com/1201/1201f1b1.html

    IMHO IDS systems are close to worthless. At best they let you know that you
    have already been broken into, at worst, they breed a dangerous false sense of
    security.
    As a greater percentage of network traffic is being encrypted every day,
    and an IDS cannot "see" into encrypted traffic, it means that your IDS has
    a huge blind spot. This is only going to get worse.
    Test out any of the IIS exploits if you don't believe me (the Unicode
    exploit is a good example because it works against IIS4 and IIS5). This
    exploit will sail straight past your IDS without raising a murmur, allow
    you to execute arbitrary programs on the target machine, and even download
    the server's private SSL key. FUN!

    Cheers

    -Nix

    -- 
    Microsoft is to operating systems & security ....
                                           .... what McDonalds is to gourmet cooking
    
