IDS mailing list archives
Could signature-based ips/ids covers file format vulnerability attack?
From: "Alice Bryson" <abryson () bytefocus com>
Date: Sun, 19 Mar 2006 02:02:17 +0800
hi there Could anyone tell me how signature-based ips/ids covers file format vulnerability attack? I have search on google but not so much found. Something like Microsoft WMF file format vulnerability attack is hard to write signature, i think. because the overflow field is crafted to a undefined large number, signature could not written based on this field infomation. shellcode may not be signature too, because some file may contain the content of shellcode code. -- Homepage:http://www.lwang.org We collect spam for research at: mailto:abryson () bytefocus com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Could signature-based ips/ids covers file format vulnerability attack? Alice Bryson (Mar 20)