# RootPrompt.org   Nothing but Unix.

 Issues Discovering Compromised Machines

"In addition, as advanced blackhat community moves beyond buffer overflows into new exploit type areas and zero-days attacks (with non-public exploits against non-public vulnerabilities) have a chance of becoming more common, traditional intrusion detection rates might decrease even further, giving defenders no chance to detect, let along stop the attack.   Obviously, in case of a zero-day attack, detecting a second order (i.e. after-exploit) trace becomes the only option, as the attack itself will most likely fly through most network security monitoring gear by the very nature of being a "zero-day". Some of the existing attacks can also be mutated and optimized to pass through some of the detection filters."

 (Submitted by Noel Mon Nov 22, 2004 )



Copyright 1999-2005 Noel Davis. Noel also runs web sites about sailing and kayaking.
All trademarks are the property of their owners.
All articles are owned by their author