Archive for 'IDS/IDP'

Rumors and Preparedness

There are rumors circulating around SANS and full-disclosure circles that there is a 0day SSH exploit in the wild that might be announced sometime around the upcoming Black Hat event. Whether or not it is true is to be seen, but beyond the question of “is it or isn’t it,” it’s interesting to consider the […]

Banners Are Poor Liars

In response to a risk assessment and security audit being performed by one of the proliferating lot of peddlers of such services, a friend recently asked my position on obscuring the banner on our application platforms. This “best-practice” of concealing the true identity of web and FTP servers, SMTP engines, et al, has been around […]

NG-HD-FW-FUD

It must have been the striking dearth of jargon that led the security industry to introduce a new term for an existing technology: High-Definition (or Next-Generation) firewalls want you to ask yourself the question: “Is the traffic on your network a wolf in sheep’s clothing?” In other words, let’s say you’ve configured your firewall to […]

Firekeeper IDS/IPS Firefox Plugin

Firekeeper is a Snort-like plug-in for Firefox that embeds intrusion detection and prevention directly into the browser. The rule language is a simplified version of Snort’s, with a focus on browser-based attacks. Good potential for use as a dynamically updated host-based IDS without the need for a separate HIDS installation. A similar add-on for […]

Snort Vulnerability: Intruding on the Intrusion Protector

Secunia just announced an algorithmic complexity attack exploiting the behavior of Snort’s (pre-2.6.1) predicate-based rule matching. Susceptibility to the backtracking attack with custom crafted packets is rule dependent (based largely on the presence of relative-position content matching), and is estimated by the reporters to affect about 300 Snort signatures with varying intensity. A successful attack […]