Hijexx wrote: Side note: Folks from work were sweating me today about you. "Do you have Billy's email address?" They were wanting info on possible snort sigs for some of the hacking intranet site POC's. I told them it'd be pretty pointless to try (trivial obfuscation) but then someone else asked for your email address as well. So I'm doing due diligence: Do you know of anyone working on sigs?
Sorry Daniel, I do not. I've haven't been paying too much attentions to trying to stop layer 7 attacks in layers 3 or 4. I have found that so-called web app firewalls that are independent from the application are pretty much worthless except for extreme cases. Detecting and stopping attacks at layer 7 is hard, we don't have any good solutions yet, and trying to apply solutions from lower layers to layer 7 doesn't work too well. Hope that helps. RE: Ajax books are teh sux.... for now. | 
