Re: AppScan and IDS evasion

[Roman Medina-Heigl Hernandez <roman () rs-labs com>]

Pen Testing escribió:

> I've launched AppScan against a web application and I'm being
> blocked/banned (since I have a dynamic IP I can reboot my router and
> get another IP, which is shortly banned again, as long as the attack
> persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK),
> what could I do?

Are you using the default template/policy? Perhaps you could edit it and/or 
create a new (and more relaxed) one by disabling potentially detectable 
checks... No idea about which checks you should eliminate...

> PS: I don't know which kind of IDS is in use (perhaps it's not a
> full-IDS but some anomaly detection as the one included in Checkpoint
> FW-1 but I don't have that information).

Any of you have more info about the kind of checks FW1 use?

-- 

Saludos,
-Roman

PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/