ssh and ids
From: Runion Mark A FGA DOIM WEBMASTER(ctr) (mark.runion_at_us.army.mil)
Date: 06/18/04
- Previous message: Drew Simonis: "Re: Anomaly Based Network IDS"
- Next in thread: Adam Powers: "Re: ssh and ids"
- Reply: Adam Powers: "Re: ssh and ids"
- Reply: Martin Roesch: "Re: ssh and ids"
- Maybe reply: Peter_Schawacker_at_NAI.com: "RE: ssh and ids"
- Maybe reply: Omar Herrera: "RE: ssh and ids"
- Reply: Gary Flynn: "Re: ssh and ids"
- Maybe reply: Matthew F. Caldwell: "RE: ssh and ids"
- Maybe reply: Ron Gula: "Re: ssh and ids"
- Maybe reply: Wozny, Scott (US - New York): "RE: ssh and ids"
- Maybe reply: Koç.net: "RE: ssh and ids"
- Maybe reply: Murtland, Jerry: "RE: ssh and ids"
- Maybe reply: Runion Mark A FGA DOIM WEBMASTER(ctr): "RE: ssh and ids"
- Maybe reply: Peter_Schawacker_at_NAI.com: "RE: ssh and ids"
- Maybe reply: Drew Copley: "RE: ssh and ids"
- Maybe reply: Frank Knobbe: "Re: ssh and ids"
- Maybe reply: David W. Goodrum: "Re: ssh and ids"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-ids@securityfocus.com
Date: Fri, 18 Jun 2004 18:18:54 -0000
Let's suppose the attacker is mildly sophisticated, and after making the
initial assault roots the box and installs a secure backdoor or two. Is
there any IDS capable of isolating data it cannot read, except to monitor
authorized port usage of a system or group of systems? Not to complicate
the question, but when the attacker is using portal gates and all
communications traffic is encrypted in normal channels how can an IDS
participate? Monitoring normal traffic patterns seems a bit slow for
detection.
-
Mark Runion