Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



IDS: ISS's IPS and Javascript interpreter

ISS's IPS and Javascript interpreter

From: <zteardrop_at_hotmail.com>
Date: 14 Dec 2006 16:11:19 -0000
('binary' encoding is not supported, stored as-is) As you've probably noticed, recently most malicious websites that host client-side browser exploits are not obfuscating them using complex javascript. i.e. if its an HTML-based attack, the HTML is dynamically generated using complex script. If its a call into a buggy activex complex, the call invocation, params etc are all obfuscated.

The only way to detect such exploits over the wire is with a Javascript interpreter.

Does anyone know if ISS's IPS can detect such exploits. Comments from experts on other vendor's IPS products are also welcome.

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
Received on Dec 14 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos