IDS mailing list archives
Re: Exploit-based signature is dead, or not?
From: "Jackie Lai" <gclai () draytek com>
Date: Tue, 17 Mar 2009 11:12:54 +0800
Just a guess. :-)
Maybe tanyoo meant "many exploits share the same shellcode, blocking shellcode means blocking the attack even if the vulnerability is unknown"

========================
Jackie Lai, CISSP
mailto: gclai [at] draytek [dot] com
========================

----- Original Message -----
From: "Sergio 'shadown' Alvarez" <shadown () gmail com>
To: "tanyoo10" <tanyoo10 () 163 com>
Cc: "focus-ids" <focus-ids () securityfocus com>; "肖斌" <csbxiao () comp polyu edu hk>
Sent: March 17, 2009, 02:16 AM
Subject: Re: Exploit-based signature is dead, or not?

Hi tanyoo10,

(1) When a vulnerability is unknown, exploit-based might be a good solution.

just in case you didn't realize...if you have the exploit to generate the signature, you already know what the vulnerability is.

cheers,
sergio

--
This message has been scanned for viruses and dangerous content by Draytek E-mail System, and is believed to be clean.