Dailydave mailing list archives

Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"!


From: byte_jump <bytejump () gmail com>
Date: Thu, 7 Jul 2005 15:50:54 -0600

I don't understand why folks are bothering with such technologies.
These things are too easy to evade. Not only can it be evaded by what
HD mentioned (ASCII-encoded shellcode), but we don't even need
something as sophisticated as ASCII-encoded shellcode - this system
fails where every other network-based IPS (investment perpetuation
system) fails: encryption. I suppose we are all obligated to pretend
that attacks do not occur over encrypted channels and do not make use
of encryption.

A couple of additional questions:
- Assuming they get this thing to understand machine code for SPARC or
Power, how will this tell what architecture the end system is using?
This seems like the same crap we deal with where network-based
security devices cannot even determine which TCP stack an attacked
system uses for reassembly.
- Assuming the Check Point will somehow determine which architecture
an attacked system is using, how would it deal with systems behind
load balancing devices? What if my web server runs on SPARC but my
load balancer (or reverse proxy, for that matter) runs on x86?

Why are we still wasting our time on this stuff? Why are vendors still
selling this garbage? Clearly the suits think this stuff will sell, so
I ask: Who is buying this stuff?

Good grief.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
