Dailydave mailing list archives
Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"!
From: byte_jump <bytejump () gmail com>
Date: Thu, 7 Jul 2005 15:50:54 -0600
I don't understand why folks are bothering with such technologies. These things are too easy to evade. Not only can it be evaded by what HD mentioned (ascii-encoded shellcode), but we don't even need something as sophisticated as ascii-encoded shellcode - this system fails where every other network-based IPS (investment perpetuation system) fails: encryption. I suppose we are all obligated to pretend that attacks do not occur over encrypted channels and do not make use of encryption. A couple additional questions: - Assuming they get this thing to understand machine code for SPARC or Power, how will this tell what architecture the end system is using? This seems like the same crap we deal with where network-based security devices cannot determine even which TCP stack an attacked system reassembles for. - Assuming the Check Point will somehow determine which architecture an attacked system is using, how would it deal with systems behind load balancing devices? What if my web server runs on SPARC but my load balancer (or reverse proxy, for that matter) runs on x86? Why are we still wasting our time on this stuff? Why are vendors still selling this garbage? Clearly the suits think this stuff will sell, so I ask: Who is buying this stuff? Good grief. _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Tiago Assumpcao (Jul 06)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! H D Moore (Jul 06)
- Re: Check Point Invented (R)(TM) the great sand-boxingand now protects you against "Day0"! halvar (Jul 06)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Matt LeGrow (Jul 07)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! byte_jump (Jul 07)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Jonatan B (Jul 07)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Chris Anley (Jul 08)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Pete Herzog (Jul 08)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Daniel (Jul 08)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Karl-Heinz Kreis (Jul 08)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! Steve Lord (Jul 08)
- Re: Check Point Invented (R)(TM) the great sand-boxing and now protects you against "Day0"! H D Moore (Jul 06)