In some mail from Vanja Hrustic, sie said:
>
> I haven't seen this on the Bugtraq, but it's very interesting...
[...]
> So, if I have my custom-developed IDS running, I won't be able to implement
> a pattern for this, because I am not a member of 'Intrusion Detection
> Consortium'?
>
> Note the words...
>
> "This will allow security vendors to have access to the information..." -
> why only security vendors? What better they are than Bugtraq folks?

bugtraq is not _only_ for security vendors. It's open to the unwashed masses, if you get my drift. I'm sure the ICSA IDS vendors are quite happy with this approach :)

> "Security through obscurity" comes to mind...

I would hazard a guess that the number of custom IDS systems in place is a small number, so if you compare the number of hackers who would gain information on how to exploit this feature and otherwise wouldn't (i.e. script kiddies) and weigh that against those that run custom IDS solutions, I think the scales will tip in favour of the script kiddies.

I say that because if you have your own IDS system, chances are you've built it on a Unix system and hence run Unix elsewhere through your firewall, etc, and wouldn't need to worry about this threat because you don't have IIS4.0 on any critical systems.

Does that make some sense?

Darren

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:51:28 PDT