[Full-disclosure] Black Hat: How to Hack IPS Signatures
lonely squirrel
lonelysquirrel at gmail.com
Tue Aug 21 07:31:59 BST 2007
hi,
I'm writing an article on zero days and vendor sponsored zero day programs.
And i came across this interesting article:
http://www.darkreading.com/document.asp?doc_id=130313
and got to read more details here:
https://www.blackhat.com/presentations/bh-usa-07/Maynor_and_Graham/Whitepaper/bh-usa-07-maynor_and_graham-WP.pdf
Robert Graham and David Maynor have given complete details on how to decrypt
the tippingpoint nips zdi signatures, how to evade the simple regular
expressions and how the NIPS signatures suck. (example being the blaster
payload). Anybody tried this out and willing to share?
The article mentions that people already knew about this and it must be very
obvious that people with tippingpoint boxes must have been exposed to
vulnerabilities and too many evasions. Is there anyone who is willing to
testify this? Also i'm looking for other vendor related responses as well.
Thank you,
LS
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070820/dbb298b4/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.