lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6450e99d0508091651204d8dce@mail.gmail.com>
Date: Wed Aug 10 00:51:36 2005
From: ivanhec at gmail.com (Ivan .)
Subject: IDS or IPS detection and bypass

hey what about using https? unless they have set up IPS to decrypt the
traffic you should be cool

cheers
Ivan

On 8/9/05, fd@...nsci.us <fd@...nsci.us> wrote:
> On Mon, 8 Aug 2005, Ahmad N wrote:
> 
> >  I was trying to gain a reverse shell to a website the other day using a
> > buffer overflow exploit, unfortunaetly it seems like they have some kind
> > of buffer overflow exploit protection coming from and IDS or IPS so is
> > there a way to find out what exactly is running, an IDS or IPS, and
> > accordingly is there a way to bypass these systems
> 
> If the IDS uses pcap (tcpdump et al) then you might find a way to crash
> the IDS.  It seems that new IDS-crashing spoits come up often enough that
> perhaps your customer isn't completely up to date.  Linuxsecurity.com has
> a decent article on testing IDS systems here:
>   http://www.linuxsecurity.com/content/view/114356/65/.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ