Single Stage Attacks?
2009-05-17, snort user (snort user gmail com) (2 replies)
Greetings All, Typically, network based attacks have multiple stages. (reconnaissance, infection, download rootkit, call home, further infection etc) Some attacks may have a single stage (without reconnaissance) to compromise a host. However, even those attacks have a post-compromise stage, such a [...]

Evasion with OLE2 Fragmentation
2009-05-15, H D Moore (sflist digitaloffense net)
This applies more to AVs than IPS, but is yet another thing for IDS sig developers to be aware of:
- http://www.breakingpointsystems.com/community/blog/evasion-with-ole2-fragmentation
"At BreakingPoint, we provide comprehensive coverage of Microsoft Tuesday patches. This Tuesday was no diff [...]

Re: Checkpoints Smartdefense as an IPS
2009-05-15, a bv (vbavbalist gmail com)
Thanks for the answers, and let me go to further questions. If you are using smartdefense how do you manage/how often do you update/and what do you do to get most from it? regards
2009/4/29, John Jasen <jjasen (at) realityfailure (dot) org>:
> a bv wrote:
>> Hi list,
>>
>> I want to ask to list for the opin [...]

[ask]Generating signatures using Honeycomb
2009-05-10, topimiring yahoo com
Hi guys, I've just successfully deployed honeyd and honeycomb on my virtual network under user mode linux env. What should I do to start generating snort signatures from honeycomb? What kind of traffic should I send to honeyd host in order to generate the snort signatures? Thank you

RE: x-forwarded-for an IDS capability
2009-04-29, Hellman, Matthew (Hellman Matthew principal com) (2 replies)
I believe that the original poster is trying to deal with the problem of not having the true source IP address for a given IDS alarm specifically because of a forwarding proxy or NAT device on his own network.
The mistake in my response may be that I'm assuming the user is concerned with his OWN sou [...]

Re: x-forwarded-for an IDS capability
2009-05-07, Jason Haar (Jason Haar trimble co nz) (1 replies)

Fwd: x-forwarded-for an IDS capability
2009-04-29, Arian J. Evans (arian evans anachronic com)
inline. re-send as plaintext.
On Wed, Apr 29, 2009 at 7:55 AM, Hellman, Matthew <Hellman.Matthew (at) principal (dot) com> wrote:
>
> That's a nice idea, I personally haven't seen or heard of it being implemented.
> If you can get a trace with the alert you might see it there. Also, a SIM should
> be able to [...]

x-forwarded-for an IDS capability
2009-04-29, James (jimbob coffey gmail com) (3 replies)
Hi List, Does anyone know of an IDS vendor/or opensource product that has the capability of associating an ip address in an x-forwarded-for http header with an IDS event? This includes events that fire on a download as well so there would need to be some kind of internal http state management. I [...]

Checkpoints Smartdefense as an IPS
2009-04-28, a bv (vbavbalist gmail com) (4 replies)
Hi list, I want to ask to list for the opinion on Checkpoints Smartdefense. For the past and current users, how enough/successful do you find it as an ips for your enterprise? Do you use additional ids/ips if so what purposes and to monitor what segments/parts of your infrastructure? And how do [...]

Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?
2009-04-27, Jeremy Bennett (jeremyfb mac com)
Emm, A laptop with a wifi interface connected to the network with the intention of extending the network into wireless is just as much of a threat as an unauthorized AP. However, most laptops that are connected to the LAN are not connected with the goal of extending the network. Most of them just h [...]
----------------------------------------------------------------------
C A L L   F O R   P A R T I C I P A T I O N
======================================================================
DIMVA