IDS mailing list archives

Re: Exploit-based signature is dead, or not?


From: "Jackie Lai" <gclai () draytek com>
Date: Tue, 17 Mar 2009 11:12:54 +0800

Just a guess. :-)
Maybe tanyoo meant "many exploits share the same shellcode; blocking shellcode 
means blocking the attack even if the vulnerability is unknown"


========================
Jackie Lai, CISSP
mailto: gclai [at] draytek [dot] com
========================
----- Original Message ----- 
From: "Sergio 'shadown' Alvarez" <shadown () gmail com>
To: "tanyoo10" <tanyoo10 () 163 com>
Cc: "focus-ids" <focus-ids () securityfocus com>; "肖斌" 
<csbxiao () comp polyu edu hk>
Sent: March 17, 2009, 02:16 AM
Subject: Re: Exploit-based signature is dead, or not?


Hi tanyoo10,

(1) When a vulnerability is unknown, exploit-based might be a good
solution.

just in case you didn't realize...if you have the exploit to generate
the signature, you already know what the vulnerability is.

cheers,
  sergio



-- 
This message has been scanned for viruses and
dangerous content by Draytek E-mail System, and is
believed to be clean. 

