[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ids
Subject:    ISS's IPS and Javascript interpreter
From:       zteardrop () hotmail ! com
Date:       2006-12-14 16:11:19
Message-ID: 20061214161119.18148.qmail () securityfocus ! com
[Download RAW message or body]

As you've probably noticed, recently most malicious websites that host client-side \
browser exploits are not obfuscating them using complex javascript. i.e. if its an \
HTML-based attack, the HTML is dynamically generated using complex script. If its a \
call into a buggy activex complex, the call invocation, params etc are all \
obfuscated. 

The only way to detect such exploits over the wire is with a Javascript interpreter.

Does anyone know if ISS's IPS can detect such exploits. Comments from experts on \
other vendor's IPS products are also welcome.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw \
 to learn more.
------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]