[Dshield] Filtering javascript
Brendan Dolan-Gavitt
mooyix at gmail.com
Tue Jun 12 23:47:56 GMT 2007
I'm curious to know what you both are using as well; how do such
detection/blocking methods fare against obfuscation techniques such as
VoMM (http://aviv.raffon.net/2006/10/15/VoMMTakingBrowserExploitsToTheNextLevel.aspx)
?
-Brendan
On 6/12/07, Paul Melson <pmelson at gmail.com> wrote:
> > I've also blocked decode statements. My feeling is that if you feel you
> have something to hide, I don't
> > want it.
>
> I tend to concur. We monitor web traffic for patterns indicative of
> JavaScript obfuscation. All of them has either been an exploit/dropper or a
> web ad. Either way, nothing that would be missed.
>
> What are you using to perform filtering?
>
> PaulM
>
>
>
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC. 56 courses, SANS top
> instructors, and a great tools and solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
>
More information about the list
mailing list