IDS mailing list archives
Re: McAfee IDS signature writing
From: Vijay K <globevk () yahoo com>
Date: Fri, 24 Aug 2007 21:40:47 -0700 (PDT)
Just to follow up, There are also many BOHS (Browser Hijack Sessions) implementations infact open source with open source code. FYI...two cents of advice Regards, Vijay --- senatorfrog () gmail com wrote:
Hello list Does anyone have any experience with writing signatures for McAfee IPS systems? It's a bit frustrating compared to a system like Snort, because the vendor-supplied sigs are "secret sauce". I can't just look in there for examples similar to what I'm trying to achieve. What I'm after in this case should in principle be relatively simple - I want to catch certain function calls in an HTTP response, but only in the context of a javascript block. I'd like to avoid tripping the signatures if the same strings come up in the regular text of a page, e.g. a in a mailing list posting describing an IDS signature or a browser vulnerability... Regards Mark PS - kindly cc me on replies, as I'm not subscribed to the list
------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
____________________________________________________________________________________ Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more. http://mobile.yahoo.com/go?refer=1GNXIC ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- McAfee IDS signature writing senatorfrog (Aug 24)
- Re: McAfee IDS signature writing Vijay K (Aug 27)
- <Possible follow-ups>
- Re: McAfee IDS signature writing krymson (Aug 24)
- Message not available
- Re: McAfee IDS signature writing Mark Senior (Aug 27)
- Message not available
- Re: McAfee IDS signature writing Vijay K (Aug 27)
- Re: McAfee IDS signature writing Vijay K (Aug 27)