|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
senatorfrog
gmail.com
Date: Thu Aug 23 2007 - 14:59:19 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello list
Does anyone have any experience with writing signatures for McAfee IPS systems? It's a bit frustrating compared to a system like Snort, because the vendor-supplied sigs are "secret sauce". I can't just look in there for examples similar to what I'm trying to achieve.
What I'm after in this case should in principle be relatively simple - I want to catch certain function calls in an HTTP response, but only in the context of a javascript block. I'd like to avoid tripping the signatures if the same strings come up in the regular text of a page, e.g. a in a mailing list posting describing an IDS signature or a browser vulnerability...
Regards
Mark
PS - kindly cc me on replies, as I'm not subscribed to the list
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]