Re: Javascript long string detection
- From: "Ravi Chunduru" <ravi.is.chunduru@xxxxxxxxx>
- Date: Sun, 29 Jun 2008 18:31:39 -0700
Right. If traffic does not go through IPS, it has no way of detecting
exploits. Some companies allow phone traffic to go through its network
for all kinds of traffic with split tunnel mode OFF. In these cases
too, network IPS, when deployed at the right place can detect the
exploits.
thanks
Ravi
On Wed, Jun 11, 2008 at 11:21 AM, Ureleet <ureleet@xxxxxxxxx> wrote:
on the iphone? how are you going to detect that using a network based ips?
i mean, if the iphone is on wifi, but other than that...
On Mon, Jun 9, 2008 at 11:56 PM, Ravi Chunduru
<ravi.is.chunduru@xxxxxxxxx> wrote:
This seems fine to me. do you know the vulnerable version of Safari browser?
Thanks
Ravi
On Mon, Jun 9, 2008 at 7:17 PM, Srinivasa Addepalli <srao@xxxxxxxxxx> wrote:
Hi Ravi,
You are right that many IDS/IPS systems don't have java script analyzers.
Even the systems that have these analyzers will also have problems in
detecting these kinds of attacks.
One simple way is to create a signature which checks version string in
User-Agent field and javascript in response html data. If user agent
version indicates vulnerable software edition and javascript is seen, this
signature flags the administrator. Since javascript is not analyzed, there
could be false positives; but at the minimum, it provides logs and alerts to
administrator to take further action.
Srini
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Ravi Chunduru
Sent: Saturday, June 07, 2008 1:55 PM
To: Focus IDS
Subject: Javascript long string detection
Hi,
I have come across this vulnerability
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0729
and corresponding Exploit at
http://www.milw0rm.org/exploits/5268
There are so many ways to create a long string in Javascript. How do
Network based IDS/IPS can detect these kinds of attacks? Is it
possible to create signatures to detect these attacks? Many existing
IDS/IPS devices don't have capabilities to interpret and evaluate
javascripts. So, I would think that it is nearly impossible. Any
insight?
Thanks
Ravi
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in
tro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
- References:
- Javascript long string detection
- From: Ravi Chunduru
- RE: Javascript long string detection
- From: Srinivasa Addepalli
- Re: Javascript long string detection
- From: Ravi Chunduru
- Re: Javascript long string detection
- From: Ureleet
- Javascript long string detection
- Prev by Date: New Release of 'Unhide' (20080519)
- Next by Date: SQL injection Patterns
- Previous by thread: Re: Javascript long string detection
- Next by thread: DoS Versus Exploit families
- Index(es):
Relevant Pages
|
