I was actually referring to signature exploits. I am aware that there
were documented vulnerabilities in NFR's old R&D versions. Once NFR
went to it's appliance version of the product and closed everything but
the signatures (and this entire thread has been surrounding open vs
closed signatures I believe) we have not had a vulnerability in our
signature set.
However, technically, you are 100% correct, so I apologize for what may
have been a misleading statement.
sorry about the mis-statement...
-dave
Thomas H.Ptacek wrote:
It's not true that NFR has never had a remote exploit.
I may be mis-reading the statement, but I discovered and published an
advisory for a remote root vulnerability in NFR back when I worked at
Network Associates.
On Mar 17, 2005, at 5:24 PM, Martin Roesch wrote:
I agree with your comments about writing good signatures. We
released a whitepaper a couple of years back in an effort to teach
people how to write good signatures using the NFR product, and even
though we've had our signatures openly readable since day 1, we've
never had a remote exploit. (well okay, we didn't actually have
signatures on day 1, but you know what i mean. ;) )
---
Thomas H. Ptacek -- (734) 604-0070
---
"If you're so special, why aren't you dead?"
--
David W. Goodrum
Senior Systems Engineer
NFR Security
703.731.3765
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
