In the last week of March, the SANS Institute published "Beating the IPS". The report walks through several IPS evasion techniques that manipulate the payload, the headers, and the traffic flow of a well-known attack.
The goal is to evade detection by widely used products from major security vendors such as Cisco, Check Point, Fortinet, Palo Alto, TippingPoint and Snort while exploiting MS08-067 (http://technet.microsoft.com/en-us/security/bulletin/ms08-067), the vulnerability used by Conficker some years ago.
You can download the report by clicking on this link: http://www.sans.org/reading_room/whitepapers/intrusion/beating-ips_34137
The report's conclusion is that the products are effective against the automated, unmodified attack; however, once the attack is customized, the situation changes.
With default IPS settings, every vendor was bypassed except one: Check Point.
The SANS report recommends blocking Null sessions if you do not need them, and keeping an eye on your IPS alerts.
Behind The Firewalls. Powered by Blogger.