[Full-Disclosure] Re: signatures for Oracle Alert 68

From: Antonio Javier G. M. (legion_at_tierramedia.org)
Date: 11/24/04

    To: Valdis.Kletnieks@vt.edu
    Date: Wed, 24 Nov 2004 12:54:31 +0100
    
    

     

    Valdis.Kletnieks@vt.edu writes:

    > On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
    >> We need signatures for IDS/IDP for Oracle's alert 68.
                             ^^^^^^^^
    Just a reminder for everybody and the archives - In fact the question was
    very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS
    are condoms, not doctors, for example netscreen IDP and Nai IPS, and the last
    version of snort (based on snort inline).

     

    >> How can we protect against these attacks if we can not apply patches in some
    >> platforms?
    >
    > Just a reminder for everybody and the archives - unless you're using some sort
    > of firewall appliance that doesn't pass a packet that triggers a signature,
    > having a signature doesn't actually protect you.
    >
    > If you're just using Snort, and it coughs up a "Signature for Oracle 68"
    > message, it's *too late*. That's not a condom, that's the doctor telling you
    > the test came back positive.
    >
    > (An amazing number of people manage to get confused on this point, and probably
    > get hacked as a result....)
    >

    We really know what we are talking about. Please, use Google to search for
    IDP or IPS technologies and snortinline.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

