On Mon, 21 May 2007 14:41:58 CDT, Steven Adair said:
> I think you could be on either side, but I would lean towards this being
> a feature than a bug. Multiple products appear to do the decoding in the
> same manner and intentionally perform this function.

No, they merely *claim* to do it the same way.

> However, the recent
> advisories that went out were geared towards IDS/IPS products that were
> not designed to be able to recognize such half-/full-width encoded
> traffic.

And if the IDS doesn't do it the *exact* same way, we're just repeating the
mistakes of "using fragmented packets to bypass the IDS", "using X to bypass
the IDS", "using Y to bypass the IDS"... and so on.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
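The decoder mismatch discussed in the message above, as an added example that is not part of the original post: a sensor that only percent-decodes misses a signature that a width-folding target would still see, while a sensor that folds the same way matches it. The signature, URIs and function names are constructed, and the use of NFKC to stand in for the target's folding is an assumption.

```python
import unicodedata
from urllib.parse import quote, unquote

SIGNATURE = "cmd.exe"  # constructed sample signature, not from the thread


def to_fullwidth(text):
    """Build constructed test input: map ASCII 0x21-0x7E to U+FF01-U+FF5E."""
    return "".join(chr(ord(c) + 0xFEE0) if "!" <= c <= "~" else c for c in text)


def naive_match(raw_uri):
    """Sensor that percent-decodes but does no width folding."""
    return SIGNATURE in unquote(raw_uri).lower()


def canonical_match(raw_uri):
    """Sensor that folds width forms the way the target is assumed to (NFKC)."""
    decoded = unquote(raw_uri)
    return SIGNATURE in unicodedata.normalize("NFKC", decoded).lower()


def width_forms(raw_uri):
    """Characters from the Halfwidth and Fullwidth Forms block (U+FF00-U+FFEF)."""
    return [c for c in unquote(raw_uri) if "\uff00" <= c <= "\uffef"]


# Constructed sample requests: the same path in ASCII and in full-width form.
PLAIN = "/scripts/cmd.exe"
WIDE = "/scripts/" + quote(to_fullwidth("cmd.exe"))

if __name__ == "__main__":
    for uri in (PLAIN, WIDE):
        print(uri, naive_match(uri), canonical_match(uri), len(width_forms(uri)))
```

Where the sensor cannot reproduce the target's decoding exactly, alerting on any non-empty `width_forms()` result in a URI is a coarser fallback that does not depend on matching the fold.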