Metasploit mailing list archives
IPS Filter plugin
From: suryak_batchu at yahoo.com (Surya Batchu)
Date: Wed, 30 May 2007 21:50:03 -0700 (PDT)
Hi,
From the description of presentations on MetaSploit, I thought that IPS filter plugin is meant for evading detection by IPS devices and yet exploit would be successful. I thought of using this feature to test the effectiveness of IPS devices by populating patterns used by snort signatures.
From the plug-in code, I understand that the buffer having one of matching patterns is not sent out. I did not see any framework support or modules support to recreate buffer with new content. If that is the case, isn't it as good as not running the exploit?
Can this plugin be used to test the effectiveness of IPS devices? If this plugin is not meant for this, are there any ways to configure or extend framework such a way that payloads don't have pre-configured patterns? Thanks Surya ____________________________________________________________________________________Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool. http://autos.yahoo.com/carfinder/
Current thread:
- IPS Filter plugin Surya Batchu (May 30)
- IPS Filter plugin H D Moore (May 30)
- <Possible follow-ups>
- IPS Filter plugin Surya Batchu (May 31)