Hi2all First of all, thanks for the replies, they make me feel good since it seems that everybody is handling well old code, bugy software and outdated books =;o) (a nice new book to buy, probably outdated too ... http://www.penguinputnam.com/catalog/nfiction/books/19281_description.html - Crypto) About IDS being worthless, i suppose it depends to each one answers to Thomas questions (what we want to protect, how much we can spend, and so on ...), and how the rest of the system is protected or not. For home use i suppose the issue is well covered, so what about IDS systems like: - they use information collected from remote IDS agents; - they apply IDS signatures to input from other security tools; - they accept input from other IDS tools; - they not just centralize syslogs without adding any analysis. Like ... Dragon Server or RealSecure Manager (or others like those) are worthless?
This is only going to get worse. Test out any of the IIS exploits if you don't believe me (the unicode exploit is a good example because it works against IIS4 and IIS5) this exploit will sail straight past your IDS without raising a murmur, allow you to execute arbitrary programs on the target machine, and even download the servers Private SSL key. FUN!
Nix, i believe in you, but from my point of view things are going better and better, since my money come from tech support :> If i beleave in IIS with my eyes closed, I shouldn't be in this list or using any linux distro, in the other hand, since I run at work IIS servers, I don't need to use somebody else exploits to know *how* IIS is weak. In fact, usually a browser is the only tool i use for test IIS servers. But since bad code and/or bad admins are all around, for some Apache servers a browser can be very usefull too *g*. This is just and example on how a 'bad' query can give you some info that you didn't asked for ... (html output on my browser) Tue, 9 Jan 2001 10:59:11 GMT ORA-06550: line 7, column 2: PLS-00306: wrong number or types of arguments in call to 'DETAILS' ORA-06550: line 7, column 2: PL/SQL: Statement ignored XXXXXXX: SIGNATURE (parameter names) MISMATCH VARIABLES IN FORM NOT IN PROCEDURE: VSITE NON-DEFAULT VARIABLES IN PROCEDURE NOT IN FORM: DAD name: XXXXXXX PROCEDURE : XXXXXXX URL : XXXXXXX PARAMETERS : =========== ID: 2189 V_LNG: 5 VSITE: ENVIRONMENT: ============ PLSQL_GATEWAY=WebDb GATEWAY_IVERSION=1 SERVER_SOFTWARE=Apache/1.3.9 (Unix) mod_perl/1.21 ApacheJServ/1.1 GATEWAY_INTERFACE=CGI/1.1 SERVER_PORT=7777 SERVER_NAME=XXXXXXX REQUEST_METHOD=GET QUERY_STRING=id=2189&v_lng=5&vsite= PATH_INFO=XXXXXXX SCRIPT_NAME=XXXXXXX REMOTE_ADDR=XXXXXXX SERVER_PROTOCOL=HTTP/1.0 REMOTE_USER=XXXXXXX SCRIPT_PREFIX=XXXXXXX HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90) HTTP_HOST=XXXXXXX HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */* HTTP_ACCEPT_ENCODING=gzip, deflate HTTP_ACCEPT_LANGUAGE=XXXXXXX Just a kid using WinME and IE5.5, so who cares? Without a single portscan or any kind of scan, I did get some info, didn't I? There is no IDS protection against this ... [ ]'s bacano