Full Disclosure mailing list archives
Re: AppScan and IDS evasion
From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Sat, 24 May 2008 16:46:43 +0200
Pen Testing escribió:
I've launched AppScan against a web application and I'm being blocked/banned (since I have a dynamic IP I can reboot my router and get another IP, which is shortly banned again, as long as the attack persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK), what could I do?
Are you using the default template/policy? Perhaps you could edit it and/or create a new (and more relaxed) one by disabling potentially detectable checks... No idea about which checks you should eliminate...
PS: I don't know which kind of IDS is in use (perhaps it's not a full-IDS but some anomaly detection as the one included in Checkpoint FW-1 but I don't have that information).
Any of you have more info about the kind of checks FW1 use? -- Saludos, -Roman PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742 [Key ID: 0xEAD56742. Available at KeyServ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AppScan and IDS evasion Pen Testing (May 24)
- Re: AppScan and IDS evasion Roman Medina-Heigl Hernandez (May 24)
- <Possible follow-ups>
- Re: AppScan and IDS evasion Elazar Broad (May 24)