IDS mailing list archives
File-format based vulns - How do vendors detect them?
From: Joshua Russel <joshua.russel () gmail com>
Date: Wed, 9 Nov 2005 19:04:21 +0530
Hi,

After the recent announcement of file-format based vulnerabilities in MS Patch Tuesday, I was wondering how do IPS/IDS vendors claim to protect against them (most of them like TippingPoint claim to do so). Do they scan data transfer streams (SMTP, FTP, HTTP etc) for these malicious files or is it a local check? If they do detect it on the network, doesn't it screw up their device due to high chance of false positives and high resource consumption?

--Joshua
Current thread:
- File-format based vulns - How do vendors detect them? Joshua Russel (Nov 09)
- RE: File-format based vulns - How do vendors detect them? David Goodrum (Nov 14)
- <Possible follow-ups>
- RE: File-format based vulns - How do vendors detect them? Palmer, Paul (ISSAtlanta) (Nov 16)