Re: CRIME Checkpoint versus Sonicwall

From: Seth Arnold (sarnold@private)
Date: Thu Aug 29 2002 - 23:55:02 PDT

    On Thu, Aug 29, 2002 at 06:21:22PM -0700, Andrew Plato wrote:
    > Besides, we do a lot more than merely monitor. There is IDS tuning,
    > optimization, signature updating, and general analysis to ensure the
    > system is running optimally and spitting out relevant information and
    > not just gobs of false positives. 
    
    [Andrew, thank you for line wrapping; it was much easier to read. :]
    
    I think we've gone over the various arguments pretty well at this time;
    however, we are still speaking in rather generic terms. I'm curious to
    know what your response would be when you go through your customers'
    weekly logs and discover that someone has successfully run an attack
    against one of your customers' machines. Say, the Apache chunked
    encoding vulnerability; this one was publicly known, and in sufficient
    detail for IDS fingerprint authors to have a signature sent to you and
    integrated automatically into your clients' IDS, well in advance of an
    official Apache upgrade becoming available.
    
    What happens next? I can guess a phone call to the system administrators
    saying, "hey, you were owned on Tuesday", but where do you go from there?
    
    -- 
    http://immunix.org/
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 00:57:02 PDT