|
|
Focus on IDS
Re: Intrusion Detection Evaluation Datasets Mar 13 2009 02:47AM Sam Gorton (sam gorton gmail com) (3 replies) Exploit-based signature is dead, or not? Mar 13 2009 05:20PM tanyoo10 (tanyoo10 163 com) (4 replies) RE: Exploit-based signature is dead, or not? Mar 16 2009 08:27PM Addepalli Srini-B22160 (saddepalli freescale com) Re: Exploit-based signature is dead, or not? Mar 16 2009 06:16PM Sergio 'shadown' Alvarez (shadown gmail com) (1 replies) |
|
Privacy Statement |
Maybe tanyoo meaned "many exploits share the same sellcode, block shellcode
means block the attack even the vulnerability is unknown"
========================
Jackie Lai, CISSP
mailto: gclai [at] draytek [dot] com
========================
----- Original Message -----
å¯?件è??: "Sergio 'shadown' Alvarez" <shadown (at) gmail (dot) com [email concealed]>
æ?¶ä»¶è??: "tanyoo10" <tanyoo10 (at) 163 (dot) com [email concealed]>
å?¯æ?¬: "focus-ids" <focus-ids (at) securityfocus (dot) com [email concealed]>; "è??æ??"
<csbxiao (at) comp.polyu.edu (dot) hk [email concealed]>
å?³é?æ?¥æ??: 2009å¹´3æ??17æ?¥ ä¸?å? 02:16
主�: Re: Exploit-based signature is dead, or not?
Hi tanyoo10,
> (1) When a vulnerability is unknown, exploit-based might be a good
solution.
just in case you didn't realize...if you have the exploit to generate
the signature, you already know what the vulnerability is.
cheers,
sergio
--
This message has been scanned for viruses and
dangerous content by Draytek E-mail System, and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by Draytek E-mail System, and is
believed to be clean.
[ reply ]