Catch the Vulnerability, Not the Exploit

Try to write rules that target the vulnerability, instead of a specific exploit.

For example, look for the vulnerable command with an argument that is too large, instead of shellcode that binds a shell.

A rule written for the vulnerability is less vulnerable to evasion when an attacker changes the exploit slightly.
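The contrast as a pair of Snort rules, added here as an illustration and not taken from the original manual page. It assumes a hypothetical FTP server whose USER command overflows on arguments of 100 bytes or more; the port, the 100-byte threshold, the payload bytes, the messages and the local sids are all constructed for the example.

```snort
# Exploit-specific rule (brittle): it fires only when one particular
# payload byte sequence follows the command. |DE AD BE EF| is a
# constructed stand-in for bytes lifted from a single exploit; any
# re-encoded or different payload no longer matches.
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 ( \
    msg:"LOCAL FTP USER known exploit payload"; \
    flow:to_server,established; \
    content:"USER "; nocase; \
    content:"|DE AD BE EF|"; distance:0; \
    classtype:shellcode-detect; \
    sid:1000001; rev:1;)

# Vulnerability-based rule: it fires on the condition that triggers
# the bug, a USER argument that is too large, whatever the payload
# contains.
#   content    - cheap fast-pattern anchor on the command name
#   isdataat   - at least 100 more bytes must follow the match, so
#                short, normal logins are discarded before pcre runs
#   pcre       - those 100 bytes must sit on the same line as USER,
#                i.e. they are one oversized argument and not the
#                next pipelined command
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 ( \
    msg:"LOCAL FTP USER argument too long"; \
    flow:to_server,established; \
    content:"USER"; nocase; \
    isdataat:100,relative; \
    pcre:"/^USER\s[^\n]{100}/smi"; \
    classtype:attempted-admin; \
    sid:1000002; rev:1;)
```

Set the length threshold from the size of the buffer the vulnerable command actually copies into, and check it against the longest legitimate argument seen on the network to avoid false positives.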



Eugene Misnik 2013-05-08