Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

Could signature-based ips/ids covers file format vulnerability attack?
From: "Alice Bryson" <abryson () bytefocus com>
Date: Sun, 19 Mar 2006 02:02:17 +0800
hi there
    Could anyone tell me how signature-based ips/ids covers file
format vulnerability attack?
    I have search on google but not so much found.
    Something like Microsoft WMF file format vulnerability attack is
hard to write signature, i think. because the overflow field is
crafted to a undefined large number, signature could not written based
on this field infomation. shellcode may not be signature too, because
some file may contain the content of shellcode code.


--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:abryson () bytefocus com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • Could signature-based ips/ids covers file format vulnerability attack? Alice Bryson (Mar 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]