Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IDS or IPS detection and bypass

From: "Ivan ." <ivanhec () gmail com>
Date: Wed, 10 Aug 2005 09:51:28 +1000
hey what about using https? unless they have set up IPS to decrypt the
traffic you should be cool

cheers
Ivan

On 8/9/05, fd () ew nsci us <fd () ew nsci us> wrote:

On Mon, 8 Aug 2005, Ahmad N wrote:


 I was trying to gain a reverse shell to a website the other day using a
buffer overflow exploit, unfortunaetly it seems like they have some kind
of buffer overflow exploit protection coming from and IDS or IPS so is
there a way to find out what exactly is running, an IDS or IPS, and
accordingly is there a way to bypass these systems


If the IDS uses pcap (tcpdump et al) then you might find a way to crash
the IDS.  It seems that new IDS-crashing spoits come up often enough that
perhaps your customer isn't completely up to date.  Linuxsecurity.com has
a decent article on testing IDS systems here:
  http://www.linuxsecurity.com/content/view/114356/65/.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: