Re: new intrusion detection system
From: Devon H. O'Dell (dodell_at_sitetronics.com)
Date: 10/19/04
- Previous message: Brian Barto: "Re: new intrusion detection system"
- In reply to: Brian Barto: "Re: new intrusion detection system"
Date: Tue, 19 Oct 2004 23:55:01 +0200
To: Brian Barto <bartobri@comcast.net>
Brian Barto wrote:
> Very interesting stuff. Certainly worth more investigation.
>
> Something occurred to me while I read your thesis. Thought maybe it was
> worth a mention. The TTL (time to live) could potentially cause the IDS
> module to be easily beaten. An attack could begin and immediately go
> into a sleep state with the intent to expire the TTL. Later resuming
> with its actions going unnoticed.
>
> I hope to see more on this. I think it is a very creative and useful idea.
>
> Thanks,
> Brian
This is certainly something that will need to be researched and tuned in
practical environments. In many cases, it's not practical to wait for
over a certain period of time to perform the combination of commands
needed to exploit software due to network or file issues. But it is a
very valid point.
--Devon
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"