Hi:

We did some testing in our labs in order to determine whether the signatures already present in SiteProtector sensors (we can only find 8) are able to detect code shell execution in Unix/Linux web server environments.
We tried a lot of examples of code shell execution attempts, from very specific to very general shell code execution attempts, and we could only trigger "HTTP_Unix_Passwords". The signatures that we enabled in the policies were:

(HTTP_Shells_Bash)
(HTTP_Shells_C)
(HTTP_Shells_Ksh)
(HTTP_Shells_Perl)
(HTTP_Shells_Perl_Exe)
(HTTP_Shells_Rksh)
(HTTP_Shells_Sh)
(HTTP_Shells_Tcsh)
(HTTP_Unix_Passwords)

We are very worried because we were unable to detect a lot of attempted attacks of this kind. Any ideas would help.

Thanks in advance

--
Juan Roa Salinas
Chile
