Right. If traffic does not go through IPS, it has no way of detecting exploits. Some companies allow phone traffic to go through its network for all kinds of traffic with split tunnel mode OFF. In these cases too, network IPS, when deployed at the right place can detect the exploits.
thanks Ravi On Wed, Jun 11, 2008 at 11:21 AM, Ureleet <[EMAIL PROTECTED]> wrote: > on the iphone? how are you going to detect that using a network based ips? > > i mean, if the iphone is on wifi, but other than that... > > On Mon, Jun 9, 2008 at 11:56 PM, Ravi Chunduru > <[EMAIL PROTECTED]> wrote: >> This seems fine to me. do you know the vulnerable version of Safari browser? >> >> Thanks >> Ravi >> >> On Mon, Jun 9, 2008 at 7:17 PM, Srinivasa Addepalli <[EMAIL PROTECTED]> >> wrote: >>> Hi Ravi, >>> >>> You are right that many IDS/IPS systems don't have java script analyzers. >>> Even the systems that have these analyzers will also have problems in >>> detecting these kinds of attacks. >>> >>> One simple way is to create a signature which checks version string in >>> User-Agent field and javascript in response html data. If user agent >>> version indicates vulnerable software edition and javascript is seen, this >>> signature flags the administrator. Since javascript is not analyzed, there >>> could be false positives; but at the minimum, it provides logs and alerts to >>> administrator to take further action. >>> >>> Srini >>> >>> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >>> Behalf Of Ravi Chunduru >>> Sent: Saturday, June 07, 2008 1:55 PM >>> To: Focus IDS >>> Subject: Javascript long string detection >>> >>> Hi, >>> >>> I have come across this vulnerability >>> >>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0729 >>> >>> and corresponding Exploit at >>> >>> http://www.milw0rm.org/exploits/5268 >>> >>> There are so many ways to create a long string in Javascript. How do >>> Network based IDS/IPS can detect these kinds of attacks? Is it >>> possible to create signatures to detect these attacks? Many existing >>> IDS/IPS devices don't have capabilities to interpret and evaluate >>> javascripts. So, I would think that it is nearly impossible. Any >>> insight? >>> >>> Thanks >>> Ravi >>> >>> ------------------------------------------------------------------------ >>> Test Your IDS >>> >>> Is your IDS deployed correctly? >>> Find out quickly and easily by testing it >>> with real-world attacks from CORE IMPACT. >>> Go to >>> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=in >>> tro_sfw >>> to learn more. >>> ------------------------------------------------------------------------ >>> >>> >>> >> >> ------------------------------------------------------------------------ >> Test Your IDS >> >> Is your IDS deployed correctly? >> Find out quickly and easily by testing it >> with real-world attacks from CORE IMPACT. >> Go to >> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw >> to learn more. >> ------------------------------------------------------------------------ >> >> > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
