[Owasp-delhi] Attack Scenario
s.parmendra at gmail.com
Thu Feb 5 03:53:00 EST 2009
Hello OWASP Members,
Please clarify the attack that is done by the attacker on the web server in
the below-mentioned scenario:
Network threat protection (IPS) installed as a part of Symantec endpoint
protection on Microsoft ISA firewall.
Now there are certain requests that are blocked by the firewall which are
making the OUTGOING connections (which are malicious) and IPS detected those
attack signatures as "[SID=21672] HTTP MS Excel Unicode HLINK BO Detected".
Now my questions are:
-> What can be the possible thing that is making the outbound connection to
the malicious server?
-> If the IPS is capable of detecting the above-mentioned signatures for the
outgoing requests, then why does it not block the same request for the
incoming request, so that the attack can be blocked at the perimeter?
Thanks and Regards:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Information Technology
Government of India
6 C.G.O Complex