Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Fwd: Information on MS99-022
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Sun, 4 Jul 1999 22:36:20 +1000


In some mail from Vanja Hrustic, sie said:

I haven't seen this on the Bugtraq, but it's very interesting...
[...]
So, if I have my custom-developed IDS running, I won't be able to implement
a pattern for this, because I am not a member of 'Intrusion Detection
Consortium'?

Note the words...

"This will allow security vendors to have access to the information..." -
why only security vendors? What better they are than Bugtraq folks?

bugtraq is not _only_ for security vendors.  It's open to the unwashed
masses, if you get my drift.  I'm sure the ICSA IDS vendors are quite
happy with this approach :)

"Security through obscurity" comes to mind...

I would hazard a guess that the number of custom IDS systems in place is
a small number, so if you compare the number of hackers who would gain
information on how to exploit this feature and otherwise wouldn't (i.e.
script kiddies) and weigh that against those that run custom IDS solutions,
I think the scales will tip in favour of the script kiddies.  I say that
because if you have your own IDS system, chances are you've built it on
a Unix system and hence run Unix elsewhere through your firewall, etc,
and wouldn't need to worry about this threat because you don't have IIS4.0
on any critical systems.  Does that make some sense ?

Darren


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]