From owner-freebsd-security Sun Sep 19 22: 4:53 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (Postfix) with ESMTP id 7C25F156C6 for ; Sun, 19 Sep 1999 22:04:50 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from [204.68.178.39] (helo=softweyr.com) by mail.xmission.com with esmtp (Exim 2.12 #2) id 11SvdB-0005Nj-00; Sun, 19 Sep 1999 23:04:50 -0600 Message-ID: <37E5C070.7BB582A5@softweyr.com> Date: Sun, 19 Sep 1999 23:04:48 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Nate Williams Cc: Brett Glass , "Rodney W. Grimes" , Warner Losh , security@FreeBSD.ORG Subject: Re: Real-time alarms References: <199909180612.AAA00597@harmony.village.org> <4.2.0.58.19990918093306.047917c0@localhost> <37E4449B.ADDD68EE@softweyr.com> <4.2.0.58.19990918201409.047f9f00@localhost> <199909191933.NAA25843@mt.sri.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Nate Williams wrote: > > Case in point. Tripwire is *NOT* a breakin-avoidance system, it's a > breakin-detection system. Right. As a definition, a breakin-avoidance system would be able to recognize an attack underway and *harden* the system to resist futher attack. > Breakin detection systems are at best poor > and at worst useless, and so far no-one has found a way to make them any > better. :( "Be the best of what you are, even if what you are is no good." -- Ashliegh Brilliant -- ;^) -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message