Black Hat: How to Hack IPS Signatures

["lonely squirrel" <lonelysquirrel () gmail com>]

hi,

I'm writing an article on zero days and vendor sponsored zero day programs.
And i came across this interesting article:
http://www.darkreading.com/document.asp?doc_id=130313

and got to read more details here:
https://www.blackhat.com/presentations/bh-usa-07/Maynor_and_Graham/Whitepaper/bh-usa-07-maynor_and_graham-WP.pdf


Robert Graham and David Maynor have given complete details on how to decrypt
the tippingpoint nips zdi signatures, how to evade the simple regular
expressions and how the NIPS signatures suck. (example being the blaster
payload). Anybody tried this out and willing to share?

The article mentions that people already knew about this and it must be very
obvious that people with tippingpoint boxes must have been exposed to
vulnerabilities and too many evasions. Is there anyone who is willing to
testify this? Also i'm looking for other vendor related responses as well.


Thank you,
LS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/