RE: SQL injection

From: Todd Towles (toddtowles@brookshires.com)
Date: Fri Jun 10 2005 - 01:15:55 EDT


Well, sig based detection is just that - sig based. So I am sure that new
attacks or old attacks may be able to bypass most IDS/IPS with various
techniques. But no IDS or IPS system is perfect. No firewall or AV is
perfect. We are talking about protection - nothing is 100% secure.
Blocking the basic SQL injection attack is better than nothing at all.

> -----Original Message-----
> From: jriden@it029205.massey.ac.nz
> [mailto:jriden@it029205.massey.ac.nz] On Behalf Of James Riden
> Sent: Thursday, June 09, 2005 10:01 PM
> To: Tim
> Cc: pen-test@securityfocus.com
> Subject: Re: SQL injection
>
> Tim <tim-pentest@sentinelchicken.org> writes:
>
> > I am sure many IPS/IDSes are great for stopping a lot of attacks. I
> > find it incredibly hard to believe that they stop all. It is far
> > better to write good code in the first place.
>
> Definitely true.
>
> > To those people out there who recommended this or that IPS/IDS:
> > Have you tested these against real attacks?
>
> Yes, I've caught real attacks using snort with the bleeding
> rules. As you say, perhaps only the obvious ones though
> ("xp_cmdshell").
>
> --
> James Riden / j.riden@massey.ac.nz / Systems Security Engineer
> GPG public key available at: http://www.massey.ac.nz/~jriden/
> This post does not necessarily represent the views of my employer.
>
>


