As you've probably noticed, recently most malicious websites that host client-side browser exploits are not obfuscating them using complex javascript. i.e. if its an HTML-based attack, the HTML is dynamically generated using complex script. If its a call into a buggy activex complex, the call invocation, params etc are all obfuscated.
The only way to detect such exploits over the wire is with a Javascript interpreter. Does anyone know if ISS's IPS can detect such exploits. Comments from experts on other vendor's IPS products are also welcome. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
