On Thu, 2006-10-12 at 09:44 +0530, Sanjay R wrote:
> I am not trying to say that a particular IDS does not have signatures
> for an IE DoS (only DoS, no command execution), and TrafficIQ includes
> many of them, which is wrong. I think it's not a big deal to write
> signatures for IE related DoS attacks.

Well, a DoS can translate to loss of productivity which does have a
financial impact, so it shouldn't be dismissed completely.

But inclusion of these sigs is probably more important from a marketing
perspective. Most if not all IDSes on the market (including open source)
have coverage for client-based IE exploits, DoS or otherwise.

However, from a risk mitigation or protective security effort
perspective, these signatures are probably less relevant, unless the IDS
can magically follow all possible evasion paths. (Think SSL,
Zip/Compress/Deflate encoding, various semi-supported text encodings,
etc.)

So while these IDSes may not detect well-packaged exploits, they still
need to be able to write coverage for IE issues on the
marketing/performance charts.

Regards,
Frank



-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
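
The point above about compressed traffic, shown as an added example that is not part of the original message: a byte pattern applied to raw wire bytes misses a gzip-encoded body, while a sensor that undoes Content-Encoding before matching still sees it. MARKER, the function names and the sample responses are constructed for illustration; SSL is left out because it cannot be decoded without the session keys.

```python
import gzip
import zlib
MARKER = b"CONSTRUCTED-SIG-MARKER"  # constructed stand-in for a signature's content pattern
MAX_DECODED = 1 << 20               # cap inflated output so the sensor cannot be zip-bombed

def split_response(raw):
    """Split a raw HTTP response into (lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    return headers, body

def decode_body(headers, body):
    """Undo Content-Encoding so matching runs on the bytes the browser will parse."""
    encoding = headers.get(b"content-encoding", b"identity")
    if encoding == b"identity":
        return body
    if encoding in (b"gzip", b"x-gzip"):
        candidates = (zlib.MAX_WBITS | 16,)
    elif encoding == b"deflate":
        # Sent both zlib-wrapped and as raw deflate under this name; try both.
        candidates = (zlib.MAX_WBITS, -zlib.MAX_WBITS)
    else:
        raise ValueError("unsupported encoding")
    for wbits in candidates:
        try:
            return zlib.decompressobj(wbits).decompress(body, MAX_DECODED)
        except zlib.error:
            continue
    raise ValueError("undecodable body")

def naive_match(raw):
    return MARKER in raw  # byte pattern applied to the wire bytes as-is

def inspect(raw):
    headers, body = split_response(raw)
    try:
        return "match" if MARKER in decode_body(headers, body) else "clean"
    except ValueError:
        return "undecodable"  # report as its own event, never as "clean"

def build_response(body, encoding=b""):
    extra = b"Content-Encoding: " + encoding + b"\r\n" if encoding else b""
    return b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n" + extra + b"\r\n" + body

PAGE = b"<html>" + MARKER + b"</html>"  # constructed sample traffic
PLAIN, GZIPPED = build_response(PAGE), build_response(gzip.compress(PAGE), b"gzip")
```

Encodings the decoder does not handle come back as "undecodable" so they can be counted separately from traffic that was actually inspected.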
