[Gllug] latest zero day Word flaw

- Tethys tethys at gmail.com
Thu Dec 7 11:52:05 UTC 2006


On 12/7/06, Chris Bell <chrisbell at overview.demon.co.uk> wrote:

> I am running a firewall with the Snort intrusion detection system

Just curious... what good does it do you? I've always been somewhat
bemused by the concept of having a NIDS like Snort (HIDS on the other
hand, I deem essential). What information have you gleaned from
running Snort that has caused you to take some action, and what was
that action? Great, so you know someone is running a particular attack
against your machines. Either you already know about the
vulnerability, in which case you've presumably already either patched
against it, or blocked it at the firewall, or you don't know about it,
in which case, how does Snort help?

About the best case for NIDS I can come up with is that it might allow
you to retroactively see if you were compromised after becoming aware
of a vulnerability. But even then, if Snort has a signature for an
attack, you should know about the vulnerability associated with that
signature, so it's a pretty weak case.

Tet
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



