IDS mailing list archives
Re: Re: Exploit-based signature is dead, or not?
From: "tanyoo10" <tanyoo10 () 163 com>
Date: Tue, 17 Mar 2009 14:52:56 +0800
Hi Sergio 'shadown' Alvarez,
just in case you didn't realize...if you have the exploit to generate the signature, you already know what the vulnerability is.
Exploit-based signatures are usually generated by finding the artifacts in a number of exploit samples. Thus, having exploit-based signature does't mean that we already know the vulnerability. cheers, Yong
Current thread:
- Re: Intrusion Detection Evaluation Datasets, (continued)
- Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 20)
- Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 18)
- Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 16)
- Re: Intrusion Detection Evaluation Datasets Sam Gorton (Mar 13)
- Re: Intrusion Detection Evaluation Datasets Raffael Marty (Mar 13)
- Exploit-based signature is dead, or not? tanyoo10 (Mar 16)
- Re: Exploit-based signature is dead, or not? Sergio 'shadown' Alvarez (Mar 16)
- Re: Exploit-based signature is dead, or not? Jackie Lai (Mar 17)
- Re: Re: Exploit-based signature is dead, or not? tanyoo10 (Mar 17)
- RE: Exploit-based signature is dead, or not? Addepalli Srini-B22160 (Mar 17)
- Re: Exploit-based signature is dead, or not? Joel Esler (Mar 30)
- Re: Exploit-based signature is dead, or not? tanyoo10 (Mar 18)