Re: IDS alerts / second - Correlation - Virtualization

From: Devdas Bhagat (devdas_at_dvb.homelinux.org)
Date: 08/01/05

  • Next message: Fergus Brooks: "Re: Analysing and configuring IPS/IDS Policies"
    Date: Mon, 1 Aug 2005 23:11:54 +0530
    To: focus-ids@securityfocus.com
    
    

    On 29/07/05 16:14 -0400, Jason wrote:
    > The simple answer is because this mail would have never reached us and
    > likely will not reach many already.
    >
    >
    > CAT /ETC/PASSWD is also a perfectly valid Unix command on some systems
    > in all caps.
    >
    > Do you think that this mail can be processed and confidently assured to
    > be safe?
    >
    Ignoring the top posting habit,

    Yes. Mail bodies traditionally are not run through eval(), but pattern
    matched. Stuff sent to scripts through mail is a different beast, and in
    general, that code is well written.

    I have never seen any situation where a mail body contained a script
    which would be run automatically on a Unix system. Plus, you can just
    use a current scanner like amavisd-new to only allow valid commands to
    be sent to the script (per recipient specifications).

    Devdas Bhagat
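The distinction drawn in the reply above, between pattern matching a mail body and evaluating it, shown as an added example that is not part of the original post or of any tool it names. The command names (`subscribe`, `unsubscribe`, `help`), the addresses and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Hypothetical command set for a mail-driven script (assumption, not from the post).
ALLOWED = {
    "subscribe": re.compile(r"subscribe\s+([a-z0-9][a-z0-9._-]{0,63})"),
    "unsubscribe": re.compile(r"unsubscribe\s+([a-z0-9][a-z0-9._-]{0,63})"),
    "help": re.compile(r"help"),
}

# Constructed sample message; the second body line is the string quoted in the thread.
SAMPLE = """From: user@example.org
To: list-request@example.org
Subject: commands

subscribe focus-ids
CAT /ETC/PASSWD
help; cat /etc/passwd
help
"""

def parse_commands(raw_mail):
    """Return (accepted, rejected) for the text/plain body of a message.

    Each line is only compared against fixed patterns. Nothing is handed to
    eval(), a shell or a subprocess, so unmatched text stays inert data.
    """
    msg = message_from_string(raw_mail, policy=default)
    part = msg.get_body(preferencelist=("plain",))
    accepted, rejected = [], []
    if part is None:  # no plain-text part: nothing to process
        return accepted, rejected
    for line in part.get_content().splitlines():
        line = line.strip()
        if not line or line.startswith(">"):
            continue  # skip blank lines and quoted reply text
        for name, pattern in ALLOWED.items():
            match = pattern.fullmatch(line)  # whole line must match, no trailing extras
            if match:
                accepted.append((name, match.groups()))
                break
        else:
            rejected.append(line)  # kept for logging, never executed
    return accepted, rejected

if __name__ == "__main__":
    print(parse_commands(SAMPLE))
```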


