IDS mailing list archives

Re: Re: Exploit-based signature is dead, or not?

From: "tanyoo10" <tanyoo10 () 163 com>
Date: Tue, 17 Mar 2009 14:52:56 +0800

Hi Sergio 'shadown' Alvarez，

just in case you didn't realize...if you have the exploit to generate
the signature, you already know what the vulnerability is.

        Exploit-based signatures are usually generated by finding the artifacts in a number of exploit samples. Thus, 
having exploit-based signature does't mean that we already know the vulnerability.   

cheers,
Yong

Current thread:

Re: Intrusion Detection Evaluation Datasets, (continued)
- - - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
    - Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 20)
    - Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 18)
    - Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 16)
- Re: Intrusion Detection Evaluation Datasets Sam Gorton (Mar 13)
  - Re: Intrusion Detection Evaluation Datasets Raffael Marty (Mar 13)
  - Exploit-based signature is dead, or not? tanyoo10 (Mar 16)
    - Re: Exploit-based signature is dead, or not? Sergio 'shadown' Alvarez (Mar 16)
    - Re: Exploit-based signature is dead, or not? Jackie Lai (Mar 17)
    - Re: Re: Exploit-based signature is dead, or not? tanyoo10 (Mar 17)
    - RE: Exploit-based signature is dead, or not? Addepalli Srini-B22160 (Mar 17)
    - Re: Exploit-based signature is dead, or not? Joel Esler (Mar 30)
  - Re: Exploit-based signature is dead, or not? tanyoo10 (Mar 18)
- Re: Re: Intrusion Detection Evaluation Datasets zubair . shafiq (Mar 13)