[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures
- To: avivra <avivra@xxxxxxxxx>
- Subject: Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures
- From: "Pukhraj Singh" <pukhraj.singh@xxxxxxxxx>
- Date: Thu, 28 Sep 2006 11:07:26 +0530
And you tell me how many of these variants you will actually find in
the wild. Won't be a significant number I bet.
Cheers!
Pukhraj
On 9/27/06, avivra <avivra@xxxxxxxxx> wrote:
> Hi,
>
> > i.e. I can't afford to buy "specialized" security tools/devices for
> > "speclialized" attacks unless my company relies heavily on web/content
> > services.
>
> So, you will buy "specialized" security tools like firewall or
> Anti-Virus, but not web content filtering tool?
>
> > In our company, we established a information-sharing
> > network with other security companies. So the real-time exploit-facing
> > signatures were then subjected to live traffic, honeypots and countless
> > variants; They seemed to work out pretty well.
>
> I would like to see how your real-time signatures get updated with the
> randomization implemented in the new VML metasploit module. Your
> "countless" exploit variants will become really innumerable.
>
> The problem is that the signatures are written for the exploit, and
> not for the vulnerability.
>
> -- Aviv.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/