I dunno why on earth I have this blog.
Enumerating badness?
Suddenly it popped up in my mind. Why? When our researcher asked me to help him in gathering all available attack packets or traffics for him. I told him, instead of we trying to identify/categorizing/accumulating/storing all the attacks traffics in order to understand the attacks pattern, why not we identify the normal traffics for the monitored segments and any significant deviation from this normal traffics can be considered suspicious. Even the main rule of writing snort rules is always capture the vulnerability and not the attack tools. The reason? There are thousands of attack pattern for a vulnerability. We can never fully record all the attack methods. It’s quite impossible IMHO. And of cause there is no way we can identify any 0-dayz attacks if we concentrating on enumerating attacks instead of concentrating on the normal traffics.
One of the ICT Security DUMB ideas in motion I guess.. 
| Print article | This entry was posted by ayoi on March 21, 2008 at 4:40 pm, and is filed under work and IT. Follow any responses to this post through RSS 2.0. You can skip to the end and leave a response. Pinging is currently not allowed. |
No comments yet.
Rules for Dating My Daughters (in the future)
about 1 year ago - 6 comments
I’ve read this from this websites and as I am a father of two wonderful daughters, I think I might apply this set of rules as well RULE ONE If you pull into my driveway and honk you’d better be delivering a package, because you’re sure not picking anything up. RULE TWO You do not
Chill out ;)
about 1 year ago - No comments
It seems that my previous posting did offend some people. I want to take this opportunity to say sorry to whoever offended either directly or indirectly by that post and there are no malicious intentions in it. As most of the people in this particular industry I can call them as my friends and professional
If it was me…
about 1 year ago - 11 comments
As usual, Monday is a very bad day for me. Dun ask me why but perhaps I’m watching /reading too much Garfield and influenced by this fat lazy but adorable cat obsession on hating Mondays . So while doing my usual Monday activities (this of cause after reading my emails especially the ones in the
Perimeter defense is not enough
about 1 year ago - 1 comment
My friend’s gave a presentation on the mod_security usage last few weeks to a group of users from the government. In his presentation he gave a demo on how mod_security managed to prevent “blind sql injection” attacks on the application run on mod_security enabled web engine. He even received a thunderous applaud from the audience
In Between…
about 1 year ago - 1 comment
Well the time for me to spend on blogging is getting lesser (and lesser). To be honest, there are plenty of things that I want to blog about but either I’m consumed with the works or I do suffer some blogger’s block when sitting in front of my laptop. Anyway somehow I managed to drag
WebGoat: Exploit and Learn…
about 1 year ago - 1 comment
Dun know about you guys but during my time (not that long ago lah), the only avenues for me to test my newly acquired skills and tools (most of the time to test the tools and scripts -yeah I used to be a script kiddie ) are servers, websites, routers belong to other people. Ahh
Talk about Full Disclosure…
about 1 year ago - 4 comments
Ok, ok. This post is not a rebuttal, condemning or criticizing anyone. It is more on knowledge sharing for those who didn’t know or perhaps who didn’t get the clear picture on the topic Btw I hope this post will indicate where I do stand and the reason why on recently hotly debated matters with
After a While…
about 1 year ago - 2 comments
I am scheduled to conduct one knowledge sharing session within my department today but due to health reason, I decided to postpone it to next Friday. Yeah, recently I’ve encountered some problems with my health that also reminds me that I need to take it easy on myself. The burnout rate turnover is quite fast
It’s a Noble cause but still you need the consent…
about 1 year ago - 1 comment
It’s quite unusual for me to post anything on Monday nowadays. Perhaps because most of the time I’ve to attend meetings/discussions etc (update: Just finished one meeting ). Btw Monday also is the day when I spent most of my working time on reading news/articles/whitepapers and other stuff as well in order to get into
You are the Consultant..You should know…
about 1 year ago - 5 comments
To quote from Wikipedia ;P “A consultant (from the Latin consultare means “to discuss” from which we also derive words such as consul and counsel) is a professional who provides advice in a particular area of expertise such as accountancy, the environment, entertainment, technology, law (tax law, in particular), human resources, marketing, medicine, finance, economics,