German,
We likely do detect that "event" with one of our existing signatures as we have many
signatures for various vulnerabilities related to chunked encoding:
HTTP_IIS_ASP_Chunked_Overflow
HTTP_IIS_Media_Services
ASP_Chunked_Overflow
HTTP_Apache_Chunked_BO
HTTP_Apache_Chunked_DoS
HTTP_IIS_HTR_Chunked_Overflow
HTTP_IIS_FPSE_Debug_Bo
Do you know which exploit triggers this other IDS's event or do you know the CVE
number to which this event corresponds?
Paul
-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of German A Suarez Nahon
Sent: Tuesday, May 25, 2004 8:52 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] HTTP_1_1_Chunked_Encoding_Transfer
Importance: High
Hi everyone...
Does anybody know this "attack"? We have another IDS service and it can
detect that event. My question is: why not our Network Sensors?
Regards....
Germán Alberto Suárez Nahón
Banco Mercantil CA SACA
Information Security
Phone: 58 212 5030270 / 0026 (Fax)
http://www.bancomercantil.com
mailto:[EMAIL PROTECTED]
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303
Barfield Road, Atlanta, Georgia, USA 30328.