Full Disclosure mailing list archives
Black Hat: How to Hack IPS Signatures
From: "lonely squirrel" <lonelysquirrel () gmail com>
Date: Mon, 20 Aug 2007 23:31:59 -0700
hi, I'm writing an article on zero days and vendor sponsored zero day programs. And i came across this interesting article: http://www.darkreading.com/document.asp?doc_id=130313 and got to read more details here: https://www.blackhat.com/presentations/bh-usa-07/Maynor_and_Graham/Whitepaper/bh-usa-07-maynor_and_graham-WP.pdf Robert Graham and David Maynor have given complete details on how to decrypt the tippingpoint nips zdi signatures, how to evade the simple regular expressions and how the NIPS signatures suck. (example being the blaster payload). Anybody tried this out and willing to share? The article mentions that people already knew about this and it must be very obvious that people with tippingpoint boxes must have been exposed to vulnerabilities and too many evasions. Is there anyone who is willing to testify this? Also i'm looking for other vendor related responses as well. Thank you, LS
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Black Hat: How to Hack IPS Signatures lonely squirrel (Aug 20)