Full Disclosure mailing list archives
Re: noise about full-width encoding bypass?
From: Valdis.Kletnieks () vt edu
Date: Mon, 21 May 2007 16:06:06 -0400
On Mon, 21 May 2007 14:41:58 CDT, Steven Adair said:
I think you could be on either side, but I would learn towards this being a feature than a bug. Multiple products appear to do the decoding in the same manner and intentionally perform this function.
No, they merely *claim* to do it the same way.
However, the recent advisories that went out were geared towards IDS/IPS products that were not designed to be able to recognize such half-/full-width encoded traffic.
And if the IDS doesn't do it the *exact* same way, we're just repeating the mistakes of "using fragmented packets to bypass the IDS", "using X to bypass the IDS", "using Y to bypass the IDS"... and so on.
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- noise about full-width encoding bypass? Brian Eaton (May 21)
- Re: noise about full-width encoding bypass? 3APA3A (May 21)
- Re: noise about full-width encoding bypass? Brian Eaton (May 21)
- Re: noise about full-width encoding bypass? 3APA3A (May 22)
- Re: noise about full-width encoding bypass? Brian Eaton (May 21)
- Re: noise about full-width encoding bypass? Brian Eaton (May 21)
- Re: noise about full-width encoding bypass? ascii (May 21)
- Re: noise about full-width encoding bypass? Brian Eaton (May 21)
- Re: noise about full-width encoding bypass? Steven Adair (May 21)
- Re: noise about full-width encoding bypass? Valdis . Kletnieks (May 21)
- Re: noise about full-width encoding bypass? 3APA3A (May 22)
- Re: noise about full-width encoding bypass? ascii (May 21)
- Re: [WEB SECURITY] Re: noise about full-width encoding bypass? Chris Weber (May 21)
- Re: [WEB SECURITY] Re: noise about full-width encoding bypass? ascii (May 21)
- Re: noise about full-width encoding bypass? 3APA3A (May 21)
- Re: [WEB SECURITY] Re: noise about full-width encoding bypass? Brian Eaton (May 22)
- Re: [WEB SECURITY] Re: noise about full-width encoding bypass? Arian J. Evans (May 22)
- Re: [WEB SECURITY] noise about full-width encoding bypass? Arian J. Evans (May 21)
- Re: [WEB SECURITY] noise about full-width encoding bypass? Arian J. Evans (May 22)