Open Source and information security mailing list archives
 
Message-Id: <20080525024704.DA04C1A003A@mailserver8.hushmail.com>
Date: Sat, 24 May 2008 22:47:04 -0400
From: "Elazar Broad" <elazar@...hmail.com>
To: full-disclosure@...ts.grok.org.uk, roman@...labs.com
Subject: Re: AppScan and IDS evasion

The out-of-the-box ruleset for SmartDefense on the FW1 does some
basic string checking on web traffic (i.e. checking GET and POST
variables for SQL injection and XSS etc.) along with some strict
RFC checks; I don't know to what extent, though...

Elazar

On Sat, 24 May 2008 10:46:43 -0400 Roman Medina-Heigl Hernandez
<roman@...labs.com> wrote:
>Pen Testing wrote:
>
>> I've launched AppScan against a web application and I'm being
>> blocked/banned (since I have a dynamic IP I can reboot my router and
>> get another IP, which is shortly banned again, as long as the attack
>> persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK),
>> what could I do?
>
>Are you using the default template/policy? Perhaps you could edit it
>and/or create a new (and more relaxed) one by disabling potentially
>detectable checks... No idea about which checks you should eliminate...
>
>> PS: I don't know which kind of IDS is in use (perhaps it's not a
>> full-IDS but some anomaly detection as the one included in Checkpoint
>> FW-1 but I don't have that information).
>
>Do any of you have more info about the kind of checks FW1 uses?
>
>--
>
>Regards,
>-Roman
>
>PGP Fingerprint:
>09BB EFCD 21ED 4E79 25FB  29E1 E47F 8A7D EAD5 6742
>[Key ID: 0xEAD56742. Available at KeyServ]
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
