pmelson at gmail.com
Wed Jun 13 14:44:44 GMT 2007
> I'm curious to know what you both are using as well; how do such
> detection/blocking methods fare against obfuscation techniques such as VoMM

I'm using Snort with Bleeding Rules (http://www.bleedingsnort.com/). As for
using the methods described in Aviv's article to hide browser exploits, the
purpose of these signatures is not to identify individual exploits, but to
So would these IDS signatures do better than your AV client? Hopefully.
Would they identify specific exploits? No. Would they detect or block
scripts that aren't hiding an exploit? Probably, but based on my
experience, that's OK. I hate ads anyway.
I have our SIM isolate these alerts for me, so I have the list of sid values