Issues Discovering Compromised Machines
"In addition, as the advanced blackhat community moves beyond buffer overflows into new exploit type areas and zero-day attacks (with non-public exploits against non-public vulnerabilities) have a chance of becoming more common, traditional intrusion detection rates might decrease even further, giving defenders no chance to detect, let alone stop the attack. Obviously, in case of a zero-day attack, detecting a second order (i.e. after-exploit) trace becomes the only option, as the attack itself will most likely fly through most network security monitoring gear by the very nature of being a "zero-day". Some of the existing attacks can also be mutated and optimized to pass through some of the detection filters."
(Submitted by Noel, Mon Nov 22, 2004)
Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.
All trademarks are the property of their owners.
All articles are owned by their author