Intrusion Detection Systems mailing list archives
RE: A novice question
From: Talisker () technologist com (Talisker)
Date: Sun, 26 Mar 2000 11:18:58 +0100
Raj
From all the mails I have been getting here I believe that all the IDS products have all the available attack signatures, i.e. even if the network that I use does not contain any Solaris or NT, my IDS s/w will check for all the possible exploits that can be mounted against an NT or Solaris. Now why is this necessary, since the performance of an IDS system can be improved if the number of attack signatures can be reduced?
The IDS that I have played with have all been modular with their signature selection, i.e. you can turn off those signatures that are obsolete or not relevant. Beware though: retaining those signatures may detect an outgoing attack against someone else from either an unscrupulous person from within your network or a compromised system. Either way you will be held partly responsible.

Take Care
Andy
www.internations.net/uk/talisker
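The trade-off in the reply above, as an added example that is not part of the original message or of any IDS product: signatures for platforms you do not run are dropped from inbound matching only, so an outgoing attack against someone else's host is still detected. The signature names, the platform tags, the inventory and the idea that the IDS can enable a signature per traffic direction are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: signature names, platforms and the inventory are
# illustrative, not taken from any IDS product.
@dataclass(frozen=True)
class Signature:
    name: str
    platform: str          # OS the exploit targets
    obsolete: bool = False

SIGNATURES = [
    Signature("nt-iis-sample-overflow", "nt"),
    Signature("solaris-rpc-sample-overflow", "solaris"),
    Signature("linux-ftpd-sample-overflow", "linux"),
    Signature("legacy-sample-probe", "linux", obsolete=True),
]

LOCAL_PLATFORMS = {"linux"}   # assumed inventory: no NT or Solaris hosts


def tune(signatures, local_platforms):
    """Return {signature name: set of directions to keep enabled}.

    inbound  = attacks aimed at our hosts; only useful when we run the
               targeted platform.
    outbound = attacks leaving our network; the target is someone else's
               host, so our own inventory says nothing about relevance.
    """
    plan = {}
    for sig in signatures:
        directions = set()
        if not sig.obsolete:                  # obsolete: off everywhere
            directions.add("outbound")
            if sig.platform in local_platforms:
                directions.add("inbound")
        plan[sig.name] = directions
    return plan


def inbound_load(plan):
    """Number of signatures still evaluated against inbound traffic."""
    return sum("inbound" in dirs for dirs in plan.values())


if __name__ == "__main__":
    plan = tune(SIGNATURES, LOCAL_PLATFORMS)
    for name, dirs in plan.items():
        print(f"{name:30} {', '.join(sorted(dirs)) or 'disabled'}")
    print("inbound signatures:", inbound_load(plan), "of", len(SIGNATURES))
```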
