Network Security Focus-IDS

Re: Vulnerability vs. Exploit signatures and IPS??

Subject: Re: Vulnerability vs. Exploit signatures and IPS??
Date: Wed, 18 May 2005 14:00:16 -0400
The vulnerabilities often can take many shapes, with arbitrary selections 
which "work" but are not mandated.
Exploits like those found in worms and hacker tools will have a particular 
signature.  Since other code can exploit the same vulnerability but look 
different on the wire, each exploit requires its own signature.

Signatures based on exploits must first have known exploits to identify, 
making them a strictly reactive defense.

Signatures based on the vulnerabilities only require intimate knowledge of 
the vulnerabilities.  They can be developed prior to any known exploits, 
allowing them to be proactive.  This method, done well, is likely to pick 
up exploits before they are publicly available.  Unfortunately, due to the 
increased vagueness of the signature, this method can also lead to more 
false-positives unless the sig-developer has intimate knowledge of the 
protocol as well.  More knowledge is required, often more value is 
delivered.



 
Matthew Carpenter
IT Security Specialist
Alticor Corporation
Phone: 616-787-0287
Email: matt.carpenter@alticor.com
Page Me (230 characters Max)
Email ITSS On-Call Account


-----BEGIN PGP PUBLIC KEY FINGERPRINT-----
PGP Fingerprint: 52C3 328D C29C 178B 2DFD 9EA8 C710 0042 8CB4 3CDB
-----END PGP PUBLIC KEY FINGERPRINT-----




Jacob Winston <jctx09@yahoo.com>
16/05/2005 22:57

To: focus-ids@securityfocus.com
cc:
Subject: Vulnerability vs. Exploit signatures and IPS??

Can someone explain to me the difference in writing signatures based on 
Vulnerabilities versus writing signatures based on Exploits? TippingPoint 
makes a claim that their IPS is better because they write signatures based 
on Vulnerabilities and not exploits. I don't quite understand this.

Thank you,

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
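
The distinction drawn in the reply above, as an added example that is not part of the original thread: one exploit signature and two vulnerability signatures run over constructed traffic. The toy "<VERB> <argument>" protocol, the 64-byte USER buffer, the "WORM-A" marker and all function names are assumptions made for illustration.

```python
# Constructed toy protocol: "<VERB> <argument>\r\n". Assumption: a hypothetical
# server copies the USER argument into a 64-byte buffer without a length check.
USER_BUF = 64

# Exploit signature: a byte string lifted from one known (constructed) exploit.
KNOWN_EXPLOIT_BYTES = b"\x90" * 16 + b"WORM-A"

def exploit_sig(payload: bytes) -> bool:
    """Reactive: fires only on the exact bytes of an exploit already seen."""
    return KNOWN_EXPLOIT_BYTES in payload

def naive_vuln_sig(payload: bytes) -> bool:
    """Vague vulnerability signature: any line longer than the buffer."""
    return any(len(line) > USER_BUF for line in payload.split(b"\r\n"))

def protocol_vuln_sig(payload: bytes) -> bool:
    """Protocol-aware: only the USER argument reaches the 64-byte buffer."""
    for line in payload.split(b"\r\n"):
        verb, _, arg = line.partition(b" ")
        if verb.upper() == b"USER" and len(arg) > USER_BUF:
            return True
    return False

# Constructed sample traffic (padding bytes only, no real exploit content).
SAMPLES = {
    "known exploit":   b"USER " + KNOWN_EXPLOIT_BYTES + b"A" * 80 + b"\r\n",
    "new variant":     b"USER " + b"B" * 120 + b"\r\n",
    "benign login":    b"USER alice\r\n",
    "benign long msg": b"SAY " + b"hello " * 20 + b"\r\n",
}

def evaluate():
    """Return {sample: (exploit_sig, naive_vuln_sig, protocol_vuln_sig)}."""
    return {name: (exploit_sig(p), naive_vuln_sig(p), protocol_vuln_sig(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, v in evaluate().items():
        print(f"{name:16} exploit={v[0]} naive={v[1]} protocol={v[2]}")
```

The exploit signature misses the new variant, the vague length check catches it but also fires on the benign SAY line, and only the protocol-aware check catches both overflows without that false positive.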



