IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Could signature-based ips/ids covers file format vulnerability attack?

From: "Alice Bryson" <abryson () bytefocus com>
Date: Sun, 19 Mar 2006 02:02:17 +0800
hi there
    Could anyone tell me how signature-based ips/ids covers file
format vulnerability attack?
    I have search on google but not so much found.
    Something like Microsoft WMF file format vulnerability attack is
hard to write signature, i think. because the overflow field is
crafted to a undefined large number, signature could not written based
on this field infomation. shellcode may not be signature too, because
some file may contain the content of shellcode code.


--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:abryson () bytefocus com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: