Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: signatures for Oracle Alert 68
From: "Antonio Javier G. M." <legion () tierramedia org>
Date: Wed, 24 Nov 2004 12:54:31 +0100

Valdis.Kletnieks () vt edu writes:
On Tue, 23 Nov 2004 18:43:22 +0100, "Antonio Javier G. M." said:
We need signatures for IDS/IDP for Oracle's alert 68.
Just a reminder for everybody an the archives - In fact the question was very clear (see IDS/IDP --> Intrusion detection and prevention) and IDPs/IPS are condoms, not doctors, for example netscreen IDP and Nai IPS, an the last version of snort (based on snort inline).

How can we protect against these attacks if we can not apply patches in some platforms?

Just a reminder for everybody and the archives - unless you're using some sort
of firewall appliance that doesn't pass a packet that triggers a signature,
having a signature doesn't actually protect you.
If you're just using Snort, and it coughs up a "Signature for Oracle 68"
message, it's *too late*.  That's not a condom, that's the doctor telling you
the test came back positive.
(An amazing number of people manage to get confused on this point, and probably
get hacked as a result....)

We really know what are we talking about. Please, use google to search for IDP or IPS technologies and snortinline.
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]