Full Disclosure mailing list archives
Re: AppScan and IDS evasion
From: "Elazar Broad" <elazar () hushmail com>
Date: Sat, 24 May 2008 22:47:04 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The out of the box ruleset for SmartDefense on the FW1 does some basic string checking on web traffic(i.e. checking get and post variables for sql injection and xss etc.) along with some strict RFC checks, I don't know to what extent though... Elazar On Sat, 24 May 2008 10:46:43 -0400 Roman Medina-Heigl Hernandez <roman () rs-labs com> wrote:
Pen Testing escribió:I've launched AppScan against a web application and I'm being blocked/banned (since I have a dynamic IP I can reboot my routerandget another IP, which is shortly banned again, as long as theattackpersists). Since AppScan doesn't have any kind of IDS evasion(AFAIK),what could I do?Are you using the default template/policy? Perhaps you could edit it and/or create a new (and more relaxed) one by disabling potentially detectable checks... No idea about which checks you should eliminate...PS: I don't know which kind of IDS is in use (perhaps it's not a full-IDS but some anomaly detection as the one included inCheckpointFW-1 but I don't have that information).Any of you have more info about the kind of checks FW1 use? -- Saludos, -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wpwEAQECAAYFAkg40ygACgkQi04xwClgpZiWngP/dBsvmll9gPI3XyVbK1jZiTRqRkmb 0MyJET1rz9AoPxqy9+rmvD3PARooALn8CpolXtYfjsfJr8r4qcBE6gc3zEPkNKHqRyTT 2bBnNS3teY1nhtcGPHqc8HH1++UBIvYOy+BEtAS6WUJy37qJ0dd9A3UcVqhhas0hsljn ur6a3mg= =MS2U -----END PGP SIGNATURE----- -- Right on time. Click now for great project management software! http://tagline.hushmail.com/fc/Ioyw6h4dJ9PXwsePTgPKtnoK6TUdFxGEMpm1tFYqRR65UrImZy06AQ/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AppScan and IDS evasion Pen Testing (May 24)
- Re: AppScan and IDS evasion Roman Medina-Heigl Hernandez (May 24)
- <Possible follow-ups>
- Re: AppScan and IDS evasion Elazar Broad (May 24)