IDS mailing list archives

Re: Re: how to avoid false positive in generic cross site scripting attack ids signature

From: rathnach () gmail com
Date: 6 Feb 2007 11:44:45 -0000

1st is, whether executing javascript on clients browser context in http req. is permissible.

we don't have any control to implement policy to restrict developers using such feature.


 2nd as yahoo is one of the most visted sit, how can avoid cjances of false postive, and is there any way to harden 
this signature.

IDS detection is most effective only when it is configured properly and signatures are specific to attack.


Generic signatures are only good to identify unknown attacks,Provided you have good logging capability. but problem is 
false positives. 
My would suggest is to find some vulnerable file path + XXS pattern to be more effective.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

how to avoid false positive in generic cross site scripting attack ids signature singhamit4me (Feb 01)
- Re: how to avoid false positive in generic cross site scripting attack ids signature Sanjay R (Feb 02)
- <Possible follow-ups>
- Re: Re: how to avoid false positive in generic cross site scripting attack ids signature rathnach (Feb 08)
  - Re: Re: how to avoid false positive in generic cross site scripting attack ids signature Abhishek Bhuyan (Feb 12)