[Gllug] latest zero day Word flaw
Christopher Hunter
chrisehunter at blueyonder.co.uk
Fri Dec 8 05:55:51 UTC 2006
On Thu, 2006-12-07 at 16:25 +0000, - Tethys wrote:
> On 12/7/06, Bruce Richardson <itsbruce at workshy.org> wrote:
>
> > Skilled practitioners claim to be able to use Snort rulesets to detect
> > new, undocumented attacks and you could certainly use them to detect
> > patterns of network activity that indicated that there had been a
> > successful breach of security, without needing to know how it had been
> > done.
>
> Oh, I know the theory. I'm just not aware of anyone having ever put it
> to the test in the real world. In every single instance that I've come
> across, without exception, NIDS has been an item on a management tick
> list, rather than actually being genuinely useful.
Funnily enough, it proved useful to me the other day - my wife's company
had several desktop machines "running" Windows trashed by a malicious
email. The logs on their server allowed me to identify the culprit and
add firewall rules to prevent it happening again.
Chris
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug