Full Disclosure mailing list archives

Re: IDS or IPS detection and bypass


From: fd () ew nsci us
Date: Mon, 8 Aug 2005 13:57:06 -0700 (PDT)

On Mon, 8 Aug 2005, Ahmad N wrote:

I was trying to gain a reverse shell to a website the other day using a
buffer overflow exploit, unfortunately it seems like they have some kind
of buffer overflow exploit protection coming from an IDS or IPS so is
there a way to find out what exactly is running, an IDS or IPS, and
accordingly is there a way to bypass these systems

If the IDS uses pcap (tcpdump et al) then you might find a way to crash
the IDS.  It seems that new IDS-crashing spoits come up often enough that
perhaps your customer isn't completely up to date.  Linuxsecurity.com has
a decent article on testing IDS systems here:  
  http://www.linuxsecurity.com/content/view/114356/65/.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

