The new Smart Defense update looks for the exploit itself, not a particular pattern or version of the exploit. The major limitation being, it only works on HTTP marked protocols. In my tests, it has stopped access to all of the available versions of the JPEG/GDI trojans from being downloaded.
HTH, Bill -- Bill Mathews Open Source Software Advocate [EMAIL PROTECTED] -------------------------------------------- "The country, with its institutions, belongs to the people who inhabit it. Whenever they shall grow weary of the existing government, they can exercise their constitutional right of amending it, or their revolutionary right to dismember or overthrow it." - Abraham Lincoln, 1809 - 1865 The wise and noble Ray spiteth forth upon the land, these thoughts: > I don't know about exploits but we've only seen one IP address blocked via > rule 9080, so at least it isn't false posiive crazy. > > Ray > >>From: Philipp M�ller <[EMAIL PROTECTED]> >>Reply-To: Mailing list for discussion of Firewall-1 >><[EMAIL PROTECTED]> >>To: [EMAIL PROTECTED] >>Subject: Re: [FW-1] JPEG/GDI+ DLL Exploit >>Date: Thu, 30 Sep 2004 00:06:56 +0200 >> >>Hi Andras, >> >>Have you the update version 541040926 and Malformed JPEG selected? >>If yes, what is your experience with it on the different JPEGofDeath >>exploit >>codes? How many do you detect? >> >>So far we know of 4 different exploit codes. >> >>cheers >>Philipp >> >> >>> [EMAIL PROTECTED] 29.09.2004 11:07:00 >>> >>Hi, >> >> > Anyone know if you can utilize SmartDefense to catch an HTTP session >>with a >> > vulnerable JPEG. >>Yes, there is a special tab for this in the updated SmartDefense.It is >>able to block the problematic JPEGs (in all protocols where the proto >>type is HTTP). >>The update ID is 541040922 (Sept 22.) >> >>Best regards, >> >>Andras >> >>-- >>Andras Kis-Szabo >>Security Product Manager >>DNS Hungary Ltd. http://www.dns-hungary.hu/CheckPoint >>phone://+36(1) 457 9956 http://www.dns-hungary.hu/RSA >>fax://+36(1) 457 9953 http://www.dns-hungary.hu/nCipher >>gsm://+36(20)519 1854 http://www.dns-hungary.hu/VMware >>http://www.dns-hungary.hu >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, >>send an email to [EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your >>subscription options, email >>[EMAIL PROTECTED] >>================================================= >> >> >>================================================= >>To set vacation, Out-Of-Office, or away messages, >>send an email to [EMAIL PROTECTED] >>in the BODY of the email add: >>set fw-1-mailinglist nomail >>================================================= >>To unsubscribe from this mailing list, >>please see the instructions at >>http://www.checkpoint.com/services/mailing.html >>================================================= >>If you have any questions on how to change your >>subscription options, email >>[EMAIL PROTECTED] >>================================================= > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today - it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
