[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ids
Subject: ISS's IPS and Javascript interpreter
From: zteardrop () hotmail ! com
Date: 2006-12-14 16:11:19
Message-ID: 20061214161119.18148.qmail () securityfocus ! com
[Download RAW message or body]
As you've probably noticed, recently most malicious websites that host client-side \
browser exploits are not obfuscating them using complex javascript. i.e. if its an \
HTML-based attack, the HTML is dynamically generated using complex script. If its a \
call into a buggy activex complex, the call invocation, params etc are all \
obfuscated.
The only way to detect such exploits over the wire is with a Javascript interpreter.
Does anyone know if ISS's IPS can detect such exploits. Comments from experts on \
other vendor's IPS products are also welcome.
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw \
to learn more.
------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic