[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] IDS or IPS detection and bypass

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] IDS or IPS detection and bypass
From: fd@xxxxxxxxxx
Date: Mon, 8 Aug 2005 13:57:06 -0700 (PDT)

On Mon, 8 Aug 2005, Ahmad N wrote:

>  I was trying to gain a reverse shell to a website the other day using a
> buffer overflow exploit, unfortunaetly it seems like they have some kind
> of buffer overflow exploit protection coming from and IDS or IPS so is
> there a way to find out what exactly is running, an IDS or IPS, and
> accordingly is there a way to bypass these systems

If the IDS uses pcap (tcpdump et al) then you might find a way to crash
the IDS.  It seems that new IDS-crashing spoits come up often enough that
perhaps your customer isn't completely up to date.  Linuxsecurity.com has
a decent article on testing IDS systems here:  
  http://www.linuxsecurity.com/content/view/114356/65/.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] IDS or IPS detection and bypass
  - From: Ivan .

References:
- [Full-disclosure] IDS or IPS detection and bypass
  - From: Ahmad N

Prev by Date: Re: [Full-disclosure] "responsible disclosure" explanation
Next by Date: [Full-disclosure] [USN-162-1] ekg and Gadu library vulnerabilities
Previous by thread: Re: [Full-disclosure] IDS or IPS detection and bypass
Next by thread: Re: [Full-disclosure] IDS or IPS detection and bypass
Index(es):
- Date
- Thread