Snort mailing list archives
RE: IDS and Firewall
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 29 Apr 2004 15:05:53 -0400
At 09:17 AM 4/29/2004, Shaffer, Paul D wrote:
At 07:46 PM 4/28/2004, Matt Kettler wrote: >There are others (ie: Paul) who feel it's better to make the >compromise in order to gain the benefits of having an IDS on hand.Matt, I had to start over because I was got dizzy trying to follow the back and forth in that offline email we had going. I appreciate you ceding this point.
Yep, it's just a matter of difference of opinion on priorities.
And I remember when those two vulnerabilities you mentioned (in our offline conversation) came out last year, but don't recall hearing about them ever being successfully exploited.
Exploits for the old snort 1.9.1 bugs are definitely in-the-wild and not theoretical:
http://lists.debian.org/debian-security/2003/debian-security-200304/msg00332.html http://packetstormsecurity.org/0304-exploits/p7snort191.sh
I'm sure you'll agree that generally speaking, computer security is all about countering or mitigating risk. The old saying about the computer locked in a safe at the bottom of the ocean comes to mind. True absolutes a few and far between. Everything is a compromise at some level.
Yep.. I agree with you.. You and I just have different priorities as to what parts of the compromise is important.
We're just disagreeing on what the value of an IDS is, compared with the value of a secure firewall. To me, it's no question, but you think differently, and we both hold our opinions quite strongly.
------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10gGet certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: IDS and Firewall, (continued)
- Re: IDS and Firewall Ravi (Apr 28)
- Re: IDS and Firewall Marcin Laskowski (Apr 28)
- Re: IDS and Firewall Alejandro Flores (Apr 28)
- Re: IDS and Firewall Kernel The Canine (Apr 28)
- Re: IDS and Firewall Matt Kettler (Apr 28)
- Re: IDS and Firewall Alejandro Flores (Apr 28)
- RE: IDS and Firewall Jim Hendrick (Apr 28)
- Re: IDS and Firewall Matt Kettler (Apr 28)
- RE: IDS and Firewall Shaffer, Paul D (Apr 28)
- Re: IDS and Firewall James Riden (Apr 28)
- RE: IDS and Firewall Shaffer, Paul D (Apr 29)
- Message not available
- RE: IDS and Firewall Matt Kettler (Apr 29)
- Snort Rule Downloading - No Updates Since 4/15? Snortty (Apr 30)
- Message not available