RE: How to choose an IDS/FW MSS provider

From: Stuart Staniford (stuart_at_nevisnetworks.com)
Date: 03/15/05

  • Next message: Joshua Berry: "RE: How to choose an IDS/FW MSS provider"
    To: "'David W. Goodrum'" <dgoodrum@nfr.com>, "'Adam Powers'" <apowers@lancope.com>
    Date: Mon, 14 Mar 2005 20:46:51 -0800
    
    

    David Goodrum wrote:

    > And yes,
    > it's possible
    > to compromise systems that are simply sniffing... but it's
    > much harder.
    > I know of only one product that's been successfully remotely
    > exploited
    > in this manner, and the only reason that happened was because
    > it was an
    > opensource product that allows hackers to read the source
    > code and look
    > for ways to compromise it.

    Mmmm. The Witty worm last year compromised ISS deployments in this manner.

    Stuart.

    Stuart Staniford, Principal Scientist
    Nevis Networks
    stuart@nevisnetworks.com
    408-327-4652

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------


  • Next message: Joshua Berry: "RE: How to choose an IDS/FW MSS provider"