Intrusion Detection Systems mailing list archives
Re: The CVE (WAS: RE: RE: Ramping up for another review)
From: dugsong () monkey org (Dug Song)
Date: Sun, 16 Jul 2000 02:50:16 -0400 (EDT)
On Sat, 15 Jul 2000, Greg Shipley wrote:
> you're not a religious FreeBSD user, are you?
ooh, them's fightin' words! strictly OpenBSD, sir. :-)
> honestly, do you really think that Cisco and ISS are going to screw up, say, an attack on wu-ftpd and confuse it with something else?
no, i'm saying that we don't have a common way to describe attacks now, which is a major hindrance to any REAL interoperability. the problem with simply enumerating attacks, as the CVE does, is that not everyone counts them the same way - what one IDS calls "overlapping IP fragments" another may call "teardrop", and yet another "newtear". how useful are these names by themselves?
> What I was looking at a year ago was typical of academia land: debate the 10,000ft view and theoretical proofs of something until you are blue in the face and never implement anything worthwhile.
the UC Davis Seclab Vulnerabilities project, Krsul's thesis at Purdue, Ulf Lindqvist's taxonomy in IDLE, etc. all provided open frameworks for describing and classifying vulnerabilities and attacks; it's a shame nothing more became of them, but then the CVE really didn't have to start from scratch...
> http://www.commoncriteria.org/
> I'm not qualified to comment on this one. :)
the CC is at least as lame as any other certification program (technically, perhaps even worse), but at least it pretends to be based on some kind of sound engineering and testing principles, if that's really what you're looking to the CVE to provide. i'm just concerned that we've given up on real testing and evaluation methodology in favor of simple marketing feature checklists; i suppose this is a problem with the software industry in general, but i hate to see computer security follow the trend.

-d.
http://www.monkey.org/~dugsong/
