IDS: File-format based vulns - How do vendors detect them?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

File-format based vulns - How do vendors detect them?

From: Joshua Russel <joshua.russel () gmail com>
Date: Wed, 9 Nov 2005 19:04:21 +0530

Hi,

After the recent announcement of file-format based vulnerabilities in
MS Patch Tuesday, I was wondering how do IPS/IDS vendors claim to
protect against them (most of them like TippingPoint claim to do so).
Do they scan data transfer streams (SMTP, FTP, HTTP etc) for these
malicious files or is it a local check? If they do detect it on the
network doesn't it screw up their device due to high chance of false
positives and high resource consumption.

--Joshua

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

By Date By Thread

Current thread:

File-format based vulns - How do vendors detect them? Joshua Russel (Nov 09)
- RE: File-format based vulns - How do vendors detect them? David Goodrum (Nov 14)
- <Possible follow-ups>
- RE: File-format based vulns - How do vendors detect them? Palmer, Paul (ISSAtlanta) (Nov 16)