IDS mailing list archives

Re: Cisco IOS Shellcode - McAfee IPS Protection

From: Joel Esler <eslerj () gmail com>
Date: Thu, 4 Aug 2005 18:25:21 -0400

How can they have "0-day" if ISS (makers of RealSecure and proventiaIDS) announced the vuln? Wouldn't that lead us to believe that ISShad it first?

Beyond that, it's been a week, I am sure that all the major IDSvenders have it.


Joel

(Yes, I work for an IDS company, and yes, we have a way to detect it)


On Aug 4, 2005, at 3:53 AM, planz 235 wrote:

Hi,

McAfee claims to have "Zero-day" protection against the recent
vulnerability disclosed against Cisco particularly on Shellcodes.
Their press release says, McAfee IntruShield's existing infrastructure
protection proactively covers new exploit techniques against Cisco
IOS, such as those demonstrated at last week's Black Hat conference.

[http://www.mcafeesecurity.com/us/about/press/corporate/2005/20050803_181545.htm

]

 Someone using Intrushield can validate this statement..?

 Regards,
 Planz



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

------------------------------------------------------------------------

Current thread:

Re: Cisco IOS Shellcode - McAfee IPS Protection Joel Esler (Aug 08)
- Re: Cisco IOS Shellcode - McAfee IPS Protection Ed Gibbs (Aug 08)
  - Re: Cisco IOS Shellcode - McAfee IPS Protection Ron Gula (Aug 09)
- Re: Cisco IOS Shellcode - McAfee IPS Protection Ron Gula (Aug 08)
  - Re: Cisco IOS Shellcode - McAfee IPS Protection Martin Roesch (Aug 09)