They state that their product stops the attack at the network link, between layers 3 and 4, thus preventing the overflow from ever making it to the physical hard drive.
The other products seem to kill the attack at execution. Just my experience with these products. They all have a fairly large memory footprint, some more than others. During the recent Zotob outbreak, it worked at first, blocking infection attempts that were coming from our WAN.
However, the worm found an unprotected machine on our network, which then found several more unprotected machines. Once there were several infected machines on the LAN, the worm started jumping to protected machines.
After analysis, it looks like the machines were somehow overloaded to the point of rebooting either by network traffic or attempted attacks.
As the machines were booting, the anti-virus hadn't started yet, but the Plug and Play service was reachable via TCP port The previously protected machines became infected, after which they ironically started blocking incoming buffer overflow attempts again albeit too late.
Moral of the story - don't depend solely on McAfee Buffer Overflow Protection, because it won't protect you from a network worm while machines are in the process of booting. Perhaps a desktop firewall might help, but I haven't had a chance to test that yet. I think McAfee should adopt Ford's slogan "Have you taken a look at us lately". One thing for readers to keep in mind is that VirusScan 8. I believe readers could search the Knowledge base for a list of services covered. Another consideration that needs to be acknowledged is that the protection offered is the removal of malicious code as a result of a buffer overflow.
While the attacked system will not be infected, the service that the buffer overflow occurred on may be left in an unstable state. In the case of MS, this meant a possible reboot. I am very impressed with the product. The signature based protection really complements the behavioral based protection.