[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Black Hat: How to Hack IPS Signatures

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Black Hat: How to Hack IPS Signatures
From: "lonely squirrel" <lonelysquirrel@xxxxxxxxx>
Date: Mon, 20 Aug 2007 23:31:59 -0700

hi,

I'm writing an article on zero days and vendor sponsored zero day programs.
And i came across this interesting article:
http://www.darkreading.com/document.asp?doc_id=130313

and got to read more details here:
https://www.blackhat.com/presentations/bh-usa-07/Maynor_and_Graham/Whitepaper/bh-usa-07-maynor_and_graham-WP.pdf


Robert Graham and David Maynor have given complete details on how to decrypt
the tippingpoint nips zdi signatures, how to evade the simple regular
expressions and how the NIPS signatures suck. (example being the blaster
payload). Anybody tried this out and willing to share?

The article mentions that people already knew about this and it must be very
obvious that people with tippingpoint boxes must have been exposed to
vulnerabilities and too many evasions. Is there anyone who is willing to
testify this? Also i'm looking for other vendor related responses as well.


Thank you,
LS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] 0day for sell
Next by Date: [Full-disclosure] 10 messages SIP Remote DOS on Cisco 7940 SIP Phone
Previous by thread: [Full-disclosure] [USN-501-1] jasper vulnerability
Next by thread: [Full-disclosure] 10 messages SIP Remote DOS on Cisco 7940 SIP Phone
Index(es):
- Date
- Thread