mailing list archives
Re: Fwd: Information on MS99-022
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Sun, 4 Jul 1999 22:36:20 +1000
In some mail from Vanja Hrustic, sie said:
I haven't seen this on the Bugtraq, but it's very interesting...
So, if I have my custom-developed IDS running, I won't be able to implement
a pattern for this, because I am not a member of 'Intrusion Detection
Note the words...
"This will allow security vendors to have access to the information..." -
why only security vendors? What better they are than Bugtraq folks?
bugtraq is not _only_ for security vendors. It's open to the unwashed
masses, if you get my drift. I'm sure the ICSA IDS vendors are quite
happy with this approach :)
"Security through obscurity" comes to mind...
I would hazard a guess that the number of custom IDS systems in place is
a small number, so if you compare the number of hackers who would gain
information on how to exploit this feature and otherwise wouldn't (i.e.
script kiddies) and weigh that against those that run custom IDS solutions,
I think the scales will tip in favour of the script kiddies. I say that
because if you have your own IDS system, chances are you've built it on
a Unix system and hence run Unix elsewhere through your firewall, etc,
and wouldn't need to worry about this threat because you don't have IIS4.0
on any critical systems. Does that make some sense ?
Re: Fwd: Information on MS99-022 Weld Pond (Jul 05)
Re: Fwd: Information on MS99-022 Darren Reed (Jul 04)
Re: Fwd: Information on MS99-022 Marc (Jul 03)
Re: Fwd: Information on MS99-022 Russ (Jul 05)
Re: Fwd: Information on MS99-022 Aleph One (Jul 05)
- Re: Fwd: Information on MS99-022, (continued)