IDS mailing list archives
Re: Obfuscated web pages
From: holly.stewart () us ibm com
Date: 18 Feb 2008 15:32:53 -0000
Hi, I work for IBM Internet Security Systems and was involved in the creation of the 2007 trend report. I agree that the host is the place where you need to solve this problem. De-obfuscating traffic as a network device certainly would have performance issues. Someone had asked if the Proventia line had something to address this issue, so I thought I'd clear that up. Our IPS products do have a handful of signatures that look for Javascript obfuscation (JavaScript_Unescape_Regex, JavaScript_Large_Unescape, JavaScript_Unescape_Obfuscation). Also, I'd like to apologize for that marketing slick that touts our IPS as being a solution for Phishing. Although there are ways you can get an IPS to address some issues related to phishing and spam, it is obviously not designed to be a wholesale solution for that kind of problem.... that's why we have a market for content (email/web) products! I actually had a meeting a few weeks ago with the marketing folks to have that removed, so having someone make fun of it on this list is pretty timely. :) -Holly Holly Stewart Product Manager, X-Force and XFTAS IBM Internet Security Systems Atlanta, GA ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- Re: Obfuscated web pages, (continued)
- Re: Obfuscated web pages Ivan Arce (Feb 21)
- RE: Obfuscated web pages Mike Barkett (Feb 25)
- Re: Obfuscated web pages Ivan Arce (Feb 29)
- Re: Obfuscated web pages Arian J. Evans (Feb 15)
- RE: Obfuscated web pages Mike Barkett (Feb 15)
- Re: Obfuscated web pages Ivan Arce (Feb 21)
- Re: Obfuscated web pages Dustin D. Trammell (Feb 21)