Hi Juan, signatures that detect shellcode have not necessarily the word "shellcode" in their names.
I would assume you activate all attack-signatures and see what events get triggered when you perform your tests. Greetings, --Detmar Juan Roa wrote: > Hi: > > We had made some testing in our labs, in order to determine if the > signatures already present in siteprotector sensors( wee can only find > 8) are able to detect code shell execution in unix/linux web servers > enviroments. > > We try a lot of examples of code shell execution attemps , starting > off very specific to very general shell code execution attemps, and we > only can trigger the " HTTP_Unix_Passwords". > > The signatures that we enabled in the policies were: > > (HTTP_Shells_Bash) > (HTTP_Shells_C) > (HTTP_Shells_Ksh) > (HTTP_Shells_Perl) > (HTTP_Shells_Perl_Exe) > (HTTP_Shells_Rksh) > (HTTP_Shells_Sh) > (HTTP_Shells_Tcsh) > (HTTP_Unix_Passwords) > > We are very worried because we was unable to detect a lot of attemps > of attacks of this kind. > > Any ideas would help. > > Thanks in advance > _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
