RE: IPS Testing

[Clone <c70n3 () yahoo co in>]

Pentestr, blocking IP addresses permanently is
definitly an issue. You should report to your customer
that their IPS should block attacks not attackers
(since attackers can spoof IP addresses)

List, has anyone come across an IPS that can identify
whether an IP is spoofed or not? If there isn't any
then blocking IP address is a no no. An attacker can
cause DoS by spoofing IP addresses of partners,
clients and vendors.


> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com] On Behalf Of
> pentestr
> Sent: Thursday, January 03, 2008 3:56 AM
> To: Pentest Mailinglist
> Subject: IPS Testing
>
> Hi,
>
> I am doing a PT for a customer and found that after
> running nessus 
> against the target our IP is getting blocked
> permanently. I want to show 
> this issue to the customer.
> 1. Is there any specific tool that can generate
> nessus traffic by 
> spoofing IPs?
> 2. Is there any tool that can change IP on the fly?
> While running nessus 
> that should change source IP?
>
> The server have only port 80 Open.
>
> Thank you.
> Regards.
> PenTestr.



      Now you can chat without downloading messenger. Go to http://in.messenger.yahoo.com/webmessengerpromo.php


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------