David Klotz wrote: > I can't find a reference to this now, but at Vern Paxon's talk at the > 1999 USENIX Workshop on Intrusion Detection he claimed that malicious > packets and broken packets are essentially indistinguishable. Last winter I watched a broken wireless bridge corrupt packets and make Snort go beserk. It was generating many alerts that I'd never seen before. I spent a bit of time investigating the possibility of some internal compromise, before doing a packet dump on both sides of the broken bridge to prove it was the real culprit. ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 10 2003 - 15:07:58 PDT