Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

IPS Filter plugin

From: suryak_batchu at yahoo.com (Surya Batchu)
Date: Wed, 30 May 2007 21:50:03 -0700 (PDT)

Hi,


From the description of  presentations on MetaSploit, I thought that IPS filter plugin is meant for evading detection 
by IPS devices and yet exploit would be successful. I thought of using this feature to test the effectiveness of IPS 
devices by populating patterns used by snort signatures.



From the plug-in code, I understand that the  buffer having one of matching patterns is not sent out.  I did not see 
any framework support or modules support to recreate buffer with new content.  If that is the case, isn't it as good 
as not running the exploit?


Can this plugin be used to test the effectiveness of IPS devices? If this plugin is not meant for this, are there any 
ways to configure or extend framework such a way that payloads don't have pre-configured patterns?

Thanks
Surya






       
____________________________________________________________________________________Choose the right car based on your 
needs.  Check out Yahoo! Autos new Car Finder tool.
http://autos.yahoo.com/carfinder/
Previous By Date Next
Previous By Thread Next

Current thread: