hi there
Could anyone tell me how signature-based ips/ids covers file
format vulnerability attack?
I have search on google but not so much found.
Something like Microsoft WMF file format vulnerability attack is
hard to write signature, i think. because the overflow field is
crafted to a undefined large number, signature could not written based
on this field infomation. shellcode may not be signature too, because
some file may contain the content of shellcode code.
--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:[EMAIL PROTECTED]
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
