Re: [Full-disclosure] IDS or IPS detection and bypass
- To: "fd@xxxxxxxxxx" <fd@xxxxxxxxxx>
- Subject: Re: [Full-disclosure] IDS or IPS detection and bypass
- From: "Ivan ." <ivanhec@xxxxxxxxx>
- Date: Wed, 10 Aug 2005 09:51:28 +1000
Hey, what about using https? Unless they have set up IPS to decrypt the
traffic, you should be cool.
cheers
Ivan
On 8/9/05, fd@xxxxxxxxxx <fd@xxxxxxxxxx> wrote:
> On Mon, 8 Aug 2005, Ahmad N wrote:
>
> > I was trying to gain a reverse shell to a website the other day using a
> > buffer overflow exploit, unfortunately it seems like they have some kind
> > of buffer overflow exploit protection coming from an IDS or IPS so is
> > there a way to find out what exactly is running, an IDS or IPS, and
> > accordingly is there a way to bypass these systems
>
> If the IDS uses pcap (tcpdump et al) then you might find a way to crash
> the IDS. It seems that new IDS-crashing sploits come up often enough that
> perhaps your customer isn't completely up to date. Linuxsecurity.com has
> a decent article on testing IDS systems here:
> http://www.linuxsecurity.com/content/view/114356/65/.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>