Hi, After the recent announcement of file-format based vulnerabilities in MS Patch Tuesday, I was wondering how do IPS/IDS vendors claim to protect against them (most of them like TippingPoint claim to do so). Do they scan data transfer streams (SMTP, FTP, HTTP etc) for these malicious files or is it a local check? If they do detect it on the network doesn't it screw up their device due to high chance of false positives and high resource consumption.
--Joshua ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
