On the iPhone? How are you going to detect that using a network-based IPS?
I mean, if the iPhone is on wifi, but other than that...

On Mon, Jun 9, 2008 at 11:56 PM, Ravi Chunduru <[EMAIL PROTECTED]> wrote:
> This seems fine to me. Do you know the vulnerable version of the Safari browser?
>
> Thanks
> Ravi
>
> On Mon, Jun 9, 2008 at 7:17 PM, Srinivasa Addepalli <[EMAIL PROTECTED]> wrote:
>> Hi Ravi,
>>
>> You are right that many IDS/IPS systems don't have JavaScript analyzers.
>> Even the systems that have these analyzers will also have problems in
>> detecting these kinds of attacks.
>>
>> One simple way is to create a signature which checks the version string in
>> the User-Agent field and JavaScript in the response HTML data. If the user agent
>> version indicates a vulnerable software edition and JavaScript is seen, this
>> signature flags the administrator. Since the JavaScript is not analyzed, there
>> could be false positives; but at the minimum, it provides logs and alerts to
>> the administrator to take further action.
>>
>> Srini
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
>> Behalf Of Ravi Chunduru
>> Sent: Saturday, June 07, 2008 1:55 PM
>> To: Focus IDS
>> Subject: Javascript long string detection
>>
>> Hi,
>>
>> I have come across this vulnerability
>>
>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0729
>>
>> and the corresponding exploit at
>>
>> http://www.milw0rm.org/exploits/5268
>>
>> There are so many ways to create a long string in JavaScript. How can
>> network-based IDS/IPS detect these kinds of attacks? Is it
>> possible to create signatures to detect these attacks? Many existing
>> IDS/IPS devices don't have capabilities to interpret and evaluate
>> JavaScript. So, I would think that it is nearly impossible. Any
>> insight?
>>
>> Thanks
>> Ravi
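
The signature described in Srinivasa's reply (vulnerable version string in the User-Agent plus JavaScript in the HTML response), sketched as an added example that is not part of the original thread. The thread never states the vulnerable Safari version, so the version set is a labelled placeholder, and the function names and sample traffic are constructed for illustration.

```python
import re

# Placeholder: the thread does not state the vulnerable Safari builds, so this
# set is constructed for the example and must be replaced with real values.
VULNERABLE_VERSIONS = {"0.0.1-PLACEHOLDER"}

# Safari advertises its release as "Version/x.y.z" ahead of the "Safari/" token.
UA_VERSION = re.compile(r"Version/(\S+)\s+(?:Mobile/\S+\s+)?Safari/")
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)


def header_value(raw_headers: bytes, name: str) -> str:
    """Return the first value of an HTTP header (case-insensitive), or ''."""
    for line in raw_headers.split(b"\r\n")[1:]:  # skip request/status line
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == name.lower().encode():
            return value.strip().decode("latin-1")
    return ""


def check_transaction(request: bytes, response: bytes, vulnerable=VULNERABLE_VERSIONS):
    """Flag one reassembled, uncompressed request/response pair, else None."""
    ua = header_value(request.split(b"\r\n\r\n", 1)[0], "User-Agent")
    match = UA_VERSION.search(ua)
    if not match or match.group(1) not in vulnerable:
        return None
    resp_head, _, body = response.partition(b"\r\n\r\n")
    if "html" not in header_value(resp_head, "Content-Type").lower():
        return None
    if not SCRIPT_TAG.search(body):
        return None
    # The script itself is not analysed: this is an alert for follow-up, not a verdict.
    return {"user_agent": ua, "version": match.group(1), "reason": "script sent to flagged browser"}


# Constructed sample traffic (not captured from a real client or server).
REQ = (b"GET /page HTTP/1.1\r\nHost: example.test\r\n"
       b"User-Agent: Mozilla/5.0 (X; U; en) AppleWebKit/0 (KHTML, like Gecko) "
       b"Version/0.0.1-PLACEHOLDER Safari/0\r\n\r\n")
RESP_JS = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
           b"<html><SCRIPT>var s = 'a';</SCRIPT></html>")
RESP_PLAIN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><p>hi</p></html>"

if __name__ == "__main__":
    print(check_transaction(REQ, RESP_JS))
    print(check_transaction(REQ, RESP_PLAIN))
```

Because nearly every HTML page carries a script tag, this fires on most browsing by a flagged client, which is the false-positive cost the reply accepts in exchange for logs and alerts.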
