RE: IDS is dead, etc
From: Tom Arseneault (TArseneault
counterpane.com)
Date: Wed Aug 06 2003 - 12:56:31 CDT
My $.02 worth...
Any particular Nimda attack, if you're patched, doesn't mean anything; however,
if the volume of attacks rises sharply in a short time period it's time to
research as to why it is going up: are you the only one seeing it? Is it a
general rise in volume for the Internet as a whole? Is it part of a signature
of some new vulnerability? That is why you care even if you're patched.
Thomas J. Arseneault
Security Engineer
Counterpane Internet Security
tarseneault
counterpane.com
-----Original Message-----
From: Paul Schmehl [mailto:pauls
utdallas.edu]
Sent: Wednesday, August 06, 2003 3:39 AM
To: focus-ids
securityfocus.com
Subject: Re: IDS is dead, etc
--On Tuesday, August 05, 2003 13:11:37 -0400 "David W. Goodrum"
<dgoodrum
nfr.com> wrote:
>
> One, provide the customer with more information (i.e. I see nimda
> alerts, but it also says that the dest OS is RedHat, therefore the end
> user can ignore it).
This brings up what I guess is a philosophical question. Why would you
want to know about Nimda attacks against your servers? If you're properly
secured, they won't have any effect. And if you're not, you'll know about
them soon enough.
I've altered all these types of rules to alert me when a host *inside* our
network is infected. Now *that* I want to know about. To me, Nimda/Code
Red/Slammer attacks from the outside are just part of the background noise
of the Internet.
Am I wrong to think this way?
Paul Schmehl (pauls
utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic
- Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------
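The two triage ideas raised in this thread (alert on worm signatures sourced from *inside* the network, and treat outside worm traffic as background noise unless its volume rises sharply), sketched as an added example that is not part of either message. The internal range, the threshold factor and the alert tuples are constructed assumptions.

```python
import ipaddress
from collections import Counter
from statistics import median

# Assumption: 10.0.0.0/8 stands in for the monitored internal network.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

def make_sample():
    """Constructed alerts: (hour bucket, source IP, signature name)."""
    alerts = []
    # Hours 0-5: steady external background noise, 4 Nimda probes per hour.
    for hour in range(6):
        for i in range(4):
            alerts.append((hour, f"198.51.100.{10 + i}", "nimda"))
    # Hour 6: sharp rise in external volume.
    for i in range(30):
        alerts.append((6, f"203.0.113.{i + 1}", "nimda"))
    # Hour 3: one internal host starts emitting the same signature.
    alerts.append((3, "10.1.2.3", "nimda"))
    return alerts

def triage(alerts, internal_net=INTERNAL_NET, factor=3.0, min_history=3):
    """Return (internal_sources, spike_hours).

    internal_sources: (ip, signature) pairs seen from inside the network.
    spike_hours: (hour, count, baseline) where external volume exceeds
    factor * median of all earlier hours that had external alerts.
    """
    internal = set()
    external_per_hour = Counter()
    for hour, src, sig in alerts:
        if ipaddress.ip_address(src) in internal_net:
            internal.add((src, sig))          # possible infected inside host
        else:
            external_per_hour[hour] += 1      # background noise, counted only
    spikes = []
    hours = sorted(external_per_hour)
    for idx, hour in enumerate(hours):
        history = [external_per_hour[h] for h in hours[:idx]]
        if len(history) < min_history:
            continue                          # not enough baseline yet
        baseline = median(history)
        if external_per_hour[hour] > factor * baseline:
            spikes.append((hour, external_per_hour[hour], baseline))
    return internal, spikes

if __name__ == "__main__":
    internal, spikes = triage(make_sample())
    print("internal sources:", internal)
    print("external spikes:", spikes)
```

Individual external alerts never page anyone here; only the internal source and the hour whose external count exceeds three times the running median are surfaced.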