[Dshield] Filtering javascript

Brendan Dolan-Gavitt mooyix at gmail.com
Tue Jun 12 23:47:56 GMT 2007


I'm curious to know what you both are using as well; how do such
detection/blocking methods fare against obfuscation techniques such as
VoMM (http://aviv.raffon.net/2006/10/15/VoMMTakingBrowserExploitsToTheNextLevel.aspx)
?

-Brendan

On 6/12/07, Paul Melson <pmelson at gmail.com> wrote:
> > I've also blocked decode statements. My feeling is that if you feel you
> have something to hide, I don't
> > want it.
>
> I tend to concur.  We monitor web traffic for patterns indicative of
> JavaScript obfuscation.  All of them has either been an exploit/dropper or a
> web ad.  Either way, nothing that would be missed.
>
> What are you using to perform filtering?
>
> PaulM
>
>
>
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS top
> instructors, and a great tools and solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
>


More information about the list mailing list