[Snort-users] IDS and Firewall

Matt Kettler mkettler at ...4108...
Thu Apr 29 12:07:01 EDT 2004


At 09:17 AM 4/29/2004, Shaffer, Paul D wrote:
>At 07:46 PM 4/28/2004, Matt Kettler wrote:
>
> >There are others (ie: Paul) who feel it's better to make the
> >compromise in order to gain the benefits of having an IDS on hand.
>
>Matt, I had to start over because I got dizzy trying to follow the 
>back and forth in that offline email we had going.  I appreciate you 
>ceding this point.

Yep, it's just a matter of difference of opinion on priorities.

>  And I remember when those two vulnerabilities you mentioned (in our 
> offline conversation) came out last year, but don't recall hearing about 
> them ever being successfully exploited.

Exploits for the old snort 1.9.1 bugs are definitely in-the-wild and not 
theoretical:

http://lists.debian.org/debian-security/2003/debian-security-200304/msg00332.html

http://packetstormsecurity.org/0304-exploits/p7snort191.sh


>I'm sure you'll agree that generally speaking, computer security is all 
>about countering or mitigating risk.  The old saying about the computer 
>locked in a safe at the bottom of the ocean comes to mind.  True absolutes 
>are few and far between.  Everything is a compromise at some level.

Yep.. I agree with you.. You and I just have different priorities as to 
which parts of the compromise are important.

We're just disagreeing on what the value of an IDS is, compared with the 
value of a secure firewall. To me, it's no question, but you think 
differently, and we both hold our opinions quite strongly.