On 10/10/06 13:10 +0530, SanjayR wrote: <snip> > signatures are not required!!!). One is going to a site which > contains a malicious file that causes IE to crash. so what..don't go > or don't download that.. anyway that file is bad.
Uhm, and then someone has a nice, Javascripted link to it somewhere else? If you use IE (including any of the rendering components), then you can be threatened by any attack on them. > If my assumption is correct and justified, then TrafficIQ, as an > IDS/IPS evaluation tool, should not contain such traffic. Such Why? Malicious files can be transferred in any way, and deployed to IE, not necessarily only via port 80. > traffic, as such, does not evaluate capabilities of an IDS/IPS > effectively. Has TrafficIQ included such traffic just to advertise > its high number of various attacks? This should be detectable. AFAIK, many other programs use the IE rendering engine to render HTML, including Outlook and Outlook Express. A DoS attack against the rendering engine couldcome in via a carefully crafted HTML message. Devdas Bhagat ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
