IDS mailing list archives
ISS's IPS and Javascript interpreter
From: zteardrop () hotmail com
Date: 14 Dec 2006 16:11:19 -0000
As you've probably noticed, recently most malicious websites that host client-side browser exploits are not obfuscating them using complex javascript. i.e. if its an HTML-based attack, the HTML is dynamically generated using complex script. If its a call into a buggy activex complex, the call invocation, params etc are all obfuscated. The only way to detect such exploits over the wire is with a Javascript interpreter. Does anyone know if ISS's IPS can detect such exploits. Comments from experts on other vendor's IPS products are also welcome. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- ISS's IPS and Javascript interpreter zteardrop (Dec 14)