arian wrote: I mean, come on: it's a crazy complex job. Not to mention that to attempt every variation on the fly would be too expensive performance-wise.
I agree that most of Layer 7 is going to be beyond IDS/IPS. Its simply a matter of normailzation. Layers 3 and Layers 4 represented in relatively normal forms. TCP/IP stacks don't speak Shift_JIS or UTF-16, let alone nested encodings. Not sure where in the world you get time to finish your research, but I should (will?) probably wrap this up soon if I can find the time.
Smack. Red Bull and Smack. Thanks for the kind notes; now I have to quit making fun of your constant web 2.0/ajax worm stuff. :)
I've got some stuff up my sleeve I think you'll enjoy... RE: Web hackers 9999, IDS 0 |