
RE: IDS is dead, etc

From: Tom Arseneault <TArseneault(at)counterpane.com>
Date: Wed Aug 06 2003 - 13:56:31 EDT


My $.02 worth...

Any particular Nimda attack, if you're patched, doesn't mean anything; however, if the volume of attacks rises sharply in a short time period, it's time to research why it is going up: are you the only one seeing it? Is it a general rise in volume for the Internet as a whole? Is it part of a signature of some new vulnerability? That is why you care even if you're patched.

Thomas J. Arseneault
Security Engineer
Counterpane Internet Security
tarseneault@counterpane.com

-----Original Message-----
From: Paul Schmehl [mailto:pauls@utdallas.edu]
Sent: Wednesday, August 06, 2003 3:39 AM
To: focus-ids@securityfocus.com
Subject: Re: IDS is dead, etc

--On Tuesday, August 05, 2003 13:11:37 -0400 "David W. Goodrum" <dgoodrum@nfr.com> wrote:
>
> One, provide the customer with more information (i.e. I see nimda

This brings up what I guess is a philosophical question. Why would you want to know about Nimda attacks against your servers? If you're properly secured, they won't have any effect. And if you're not, you'll know about them soon enough.

I've altered all these types of rules to alert me when a host *inside* our network is infected. Now *that* I want to know about. To me, Nimda/Code Red/Slammer attacks from the outside are just part of the background noise of the Internet.

Am I wrong to think this way?


Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu



Received on Wed Aug 6 14:41:33 2003
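
The two triage rules discussed in this thread (always report an alert whose source is inside the network; report outside-source alerts only when their volume rises sharply), as an added example that is not part of the original messages. The 10.0.0.0/8 inside range, the hourly buckets, the 3x-median threshold and the sample alerts are all constructed assumptions.

```python
import ipaddress
from collections import Counter
from statistics import median

# Assumption: the address space treated as "inside" for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample alerts: (hour bucket, source IP, signature name).
SAMPLE_ALERTS = (
    [(h, "198.51.100.7", "nimda") for h in range(6) for _ in range(4)]  # steady background
    + [(6, f"203.0.113.{i}", "nimda") for i in range(1, 31)]             # sudden surge
    + [(3, "10.1.2.33", "nimda"), (4, "10.1.2.33", "nimda")]             # inside source
)

def is_internal(ip, nets=INTERNAL_NETS):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

def triage(alerts, spike_factor=3.0, min_history=3):
    """Return (inside_hosts, spikes).

    inside_hosts: every inside address seen as an alert source.
    spikes: (hour, count, baseline) for hours whose outside-source count
    exceeds spike_factor times the median of the preceding hours.
    Hours with no outside alerts at all do not enter the baseline.
    """
    inside_hosts = set()
    outside_per_hour = Counter()
    for hour, src, _sig in alerts:
        if is_internal(src):
            inside_hosts.add(src)
        else:
            outside_per_hour[hour] += 1

    spikes = []
    hours = sorted(outside_per_hour)
    for i, hour in enumerate(hours):
        history = [outside_per_hour[h] for h in hours[:i]]
        if len(history) < min_history:
            continue  # not enough baseline yet to judge a rise
        baseline = median(history)
        if outside_per_hour[hour] > spike_factor * baseline:
            spikes.append((hour, outside_per_hour[hour], baseline))
    return sorted(inside_hosts), spikes

if __name__ == "__main__":
    hosts, spikes = triage(SAMPLE_ALERTS)
    print("inside sources:", hosts)
    for hour, count, baseline in spikes:
        print(f"hour {hour}: {count} outside alerts vs baseline {baseline}")
```
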

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:16 EDT

