[Owasp-delhi] Attack Scenario

Parmendra Sharma s.parmendra at gmail.com
Thu Feb 5 03:53:00 EST 2009

Hello OWASP Members,

Please clarify the Attack that is done by the Attacker on the WebServer in
the below-mentioned scenario:

Network description:

Network threat protection (IPS) installed as a part of Symantec endpoint
protection on Microsoft ISA firewall.

Now there are certain requests that are blocked by the firewall which are
making the OUTGOING connections (which are malicious) and IPS detected those
attack signatures as "[SID=21672] HTTP MS Excel Unicode HLINK BO Detected".

Now my questions are:
-> What can be the possible thing that is making the outbound connection to
the malicious server?
-> If IPS is capable of detecting the above-mentioned signatures for the
outgoing requests, then why does it not block the same request for the
incoming request so that the attack can be blocked at the Perimeter?

Thanks and Regards:

Parmendra Sharma
Indian Computer Emergency Response Team (CERT-In)
Ministry of Information Technology
Government of India
6 C.G.O Complex
Lodhi Road
New Delhi