Intrusion Detection Systems mailing list archives

Re: IDS engines put this together


From: gshipley () neohapsis com (Greg Shipley)
Date: Mon, 12 Jun 2000 10:41:18 -0500 (CDT)



On Sun, 11 Jun 2000, Lance Spitzner wrote:

> Today one of my honeypots was probed for spam relay.  Do
> IDS engines have the 'intelligence' to put this session
> together and realize the remote system is probing for
> spam relay sites?  Signature is below.  My domain name
> has been sanitized, but all other information is valid.

Do current NIDS have signatures for SPAMing?  No - none that I know of,
anyway.  Could they?  Yeah, sure, but it would be a more complicated
signature (read: it would "cost" more, performance-wise).  However, I
think some would argue that it would be more efficient to have this
flagged/identified by a vulnerability assessment product.  But then again,
it would be better if people ran vulnerability assessment scanners in the
first place (for everything) and locked their #$@#$%@# down before they
could even get attacked....but I'm getting beyond the scope of your
original question.  :)

-Greg
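
An added example, not part of the original post and not taken from any NIDS product: a sketch of why such a signature needs per-session state, since the envelope sender and recipient arrive in separate commands and must be correlated. It assumes the sensor has already reassembled the client side of one SMTP session into lines; the function name and all domains and addresses are constructed for illustration.

```python
import re

# Matches the address in "MAIL FROM:<a@b>" / "RCPT TO:<a@b>" (case-insensitive).
_CMD = re.compile(r"^(MAIL FROM|RCPT TO):\s*<?([^<>\s]*)>?", re.IGNORECASE)


def _domain(addr):
    """Return the lower-cased domain of an address, or '' for the null sender."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def find_relay_attempts(client_lines, local_domains):
    """Walk one session's client commands and return (sender, recipient)
    pairs where neither side belongs to a domain this server handles."""
    local = {d.lower() for d in local_domains}
    sender = None                  # envelope sender of the open transaction
    hits = []
    for line in client_lines:
        line = line.strip()
        if line.upper().startswith("RSET"):
            sender = None          # transaction aborted, envelope state is gone
            continue
        m = _CMD.match(line)
        if not m:
            continue               # HELO, DATA, QUIT etc. carry no envelope address
        verb, addr = m.group(1).upper(), m.group(2)
        if verb == "MAIL FROM":
            sender = addr          # a new transaction replaces the old envelope
        elif sender is not None:
            # Only the pair is suspicious: either command alone is ordinary mail.
            if _domain(sender) not in local and _domain(addr) not in local:
                hits.append((sender, addr))
    return hits


# Constructed sample sessions; "honeypot.example" stands in for the local domain.
LOCAL = {"honeypot.example"}
PROBE = ["HELO probe.example.net", "MAIL FROM:<test@example.net>",
         "RCPT TO:<check@example.org>", "QUIT"]
NORMAL = ["HELO mx.example.net", "MAIL FROM:<alice@example.net>",
          "RCPT TO:<bob@honeypot.example>", "DATA", "QUIT"]

if __name__ == "__main__":
    print(find_relay_attempts(PROBE, LOCAL))   # external sender to external recipient
    print(find_relay_attempts(NORMAL, LOCAL))  # inbound mail for a local user
```
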

