Intrusion Detection Systems mailing list archives
Re: Good source of intrusion detection and response steps?
From: robert_david_graham () yahoo com (Robert Graham)
Date: Fri, 24 Mar 2000 09:13:27 -0800 (PST)
--- Matt Baney <baney () shai-seattle com> wrote:
What are the best sources for detailed (i.e., step by step) information for detecting and responding to intrusions? I'm looking for something that is more detailed than the CERT advisories, and that may also contain response and forensic details. Something that might include the necessary steps to detect an intrusion and also provide the necessary response steps to stop or negate the intrusion while preserving forensic information that would be necessary for legal action or be useful in identifying the perpetrator or source of the attack. Does this kind of information exist anywhere?
The best source of this information is the bugtraq vulnerabilities database:

http://www.securityfocus.com/vdb/

If a vulnerability occurs, it eventually gets discussed on bugtraq. It is also the most up-to-date information. If you are using an IDS and it doesn't point to the bugtraq info, then shame on them.

There is the CVE effort, which attempts to standardize the names of vulnerabilities among different vendors:

http://cve.mitre.org/

But unfortunately, it is really just a way to correlate info among vendors rather than containing information itself.

Some vendors of IDSs maintain databases:

http://advice.networkice.com/advice/intrusions
http://xforce.iss.net
http://www.whitehats.com

I am particularly proud of the job that Network ICE does. It spends a lot of time describing in plain English to the less technical user what the intrusion means, and providing links to other resources that experts can drill down into. Examples:

http://advice.networkice.com/advice/concordance/BugtraqID/
http://advice.networkice.com/advice/Intrusions/2003017/

Our website is rather more popular than either bugtraq's or xforce's, too :-)

Robert Graham
CTO/Network ICE
