Just a guess. :-) Maybe tanyoo meaned "many exploits share the same sellcode, block shellcode means block the attack even the vulnerability is unknown"
======================== Jackie Lai, CISSP mailto: gclai [at] draytek [dot] com ======================== ----- Original Message ----- 寄件者: "Sergio 'shadown' Alvarez" <[email protected]> 收件者: "tanyoo10" <[email protected]> 副本: "focus-ids" <[email protected]>; "肖斌" <[email protected]> 傳送日期: 2009年3月17日 上午 02:16 主旨: Re: Exploit-based signature is dead, or not? Hi tanyoo10, > (1) When a vulnerability is unknown, exploit-based might be a good solution. just in case you didn't realize...if you have the exploit to generate the signature, you already know what the vulnerability is. cheers, sergio -- This message has been scanned for viruses and dangerous content by Draytek E-mail System, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by Draytek E-mail System, and is believed to be clean.
