by Anton Chuvakin
This paper seeks to provide guidance on "how to protect your company from 'zero-day' exploits". It is a fun read, although I am not entirely convinced that Network Intrusion Prevention Systems (NIPS) can help here. Definitely, good security practices will help. Maybe host-based kernel-level prevention systems can do some of it. However, trying to make an automated blocking decision without sufficient information (always the case for the 0days) seems very tough. I wonder how this and other vendors are really doing it.
The examples listed are NOT zero-day exploits at all.
The Blaster worm hit the net AFTER the patch to prevent infection became available.
The Cisco vulnerability was disclosed by Cisco themselves (why they did that without releasing a fix for it I don't know).
Slammer too was released after the hole was closed (or at least after the tools to close the hole became available).