Full Disclosure mailing list archives

Re: AppScan and IDS evasion

From: "Elazar Broad" <elazar () hushmail com>
Date: Sat, 24 May 2008 22:47:04 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The out of the box ruleset for SmartDefense on the FW1 does some
basic string checking on web traffic(i.e. checking get and post
variables for sql injection and xss etc.) along with some strict
RFC checks, I don't know to what extent though...

Elazar

On Sat, 24 May 2008 10:46:43 -0400 Roman Medina-Heigl Hernandez
<roman () rs-labs com> wrote:

Pen Testing escribió:

I've launched AppScan against a web application and I'm being
blocked/banned (since I have a dynamic IP I can reboot my router

and

get another IP, which is shortly banned again, as long as the

attack

persists). Since AppScan doesn't have any kind of IDS evasion

(AFAIK),

what could I do?


Are you using the default template/policy? Perhaps you could edit
it and/or
create a new (and more relaxed) one by disabling potentially
detectable
checks... No idea about which checks you should eliminate...

PS: I don't know which kind of IDS is in use (perhaps it's not a
full-IDS but some anomaly detection as the one included in

Checkpoint

FW-1 but I don't have that information).


Any of you have more info about the kind of checks FW1 use?

--

Saludos,
-Roman

PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQECAAYFAkg40ygACgkQi04xwClgpZiWngP/dBsvmll9gPI3XyVbK1jZiTRqRkmb
0MyJET1rz9AoPxqy9+rmvD3PARooALn8CpolXtYfjsfJr8r4qcBE6gc3zEPkNKHqRyTT
2bBnNS3teY1nhtcGPHqc8HH1++UBIvYOy+BEtAS6WUJy37qJ0dd9A3UcVqhhas0hsljn
ur6a3mg=
=MS2U
-----END PGP SIGNATURE-----

--
Right on time. Click now for great project management software!
http://tagline.hushmail.com/fc/Ioyw6h4dJ9PXwsePTgPKtnoK6TUdFxGEMpm1tFYqRR65UrImZy06AQ/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

AppScan and IDS evasion Pen Testing (May 24)
- Re: AppScan and IDS evasion Roman Medina-Heigl Hernandez (May 24)
- <Possible follow-ups>
- Re: AppScan and IDS evasion Elazar Broad (May 24)