[617] in Intrusion Detection Systems
Re: Question. (Was re:hacker's intro)
daemon@ATHENA.MIT.EDU (Alfred)
Tue Feb 20 17:31:30 1996
Date: Thu, 15 Feb 1996 16:04:20 -0700 (MST)
From: Alfred <alfred@crimson.cadvision.com>
To: ids@uow.edu.au
In-Reply-To: <199602141653.LAA08518@uther.cs.purdue.edu>
Reply-To: ids@uow.edu.au
I had not wanted to get drawn into this, however I can't resist. I think
you are not examining the issue.
On Wed, 14 Feb 1996, Gene Spafford wrote:
>
> If not, you aren't using very good consultants. People with proper training k
> w how to a proper analysis, and looking for software bugs is only a small part
> f that. Most hackers have little training in protocols, standards, or analysi
First, a great many host level bugs *are* discovered and utilized by
hackers. I agree that a good consultant could perhaps find the bugs, yet
ask yourself how many consultants (or the companies they work for) have
source licenses which would allow them to examine the code. Hackers on
the other hand have access to a great deal of source, albeit illegally.
As for hackers having little training in protocols, standards and
analysis, this *may* be true as a rule. Yet there are hackers who have a
very clear concept of protocol level mechanics etc. And these few who do have
this knowledge tend to write and distribute tools along this vien to those
who do not have the knowledge. So at this point, understanding a weakness and
being able to exploit it are not mutually exclusive. It hardly
matters that a hacker for instance understands very little of routing
protocols etc, if he can utilize tools written by others to perfomr IP
spoofing etc ad nauseum.
Alfred H. Mcphee
Please send any personal replies to: mpcheea@cadvision.com
