Wednesday, April 03, 2013

SANS INSTITUTE IPS Report 2013

In the last week of March, the SANS Institute published "Beating the IPS". The report shows different IPS evasion techniques that manipulate the payload, header, and traffic flow of a well-known attack.

The goal is to evade detection by widely used products from major security vendors such as Cisco, Check Point, Fortinet, Palo Alto, TippingPoint and Snort while exploiting MS08-067 (http://technet.microsoft.com/en-us/security/bulletin/ms08-067), the vulnerability used by Conficker some years ago...

You can download the report by clicking on this link: http://www.sans.org/reading_room/whitepapers/intrusion/beating-ips_34137

The report's conclusion shows that the products are effective against the automated attack; however, when a custom attack is used, the situation changes...

All vendors were bypassed using the default IPS settings except one: Check Point.

The SANS report recommends blocking Null sessions if you do not need them, and keeping an eye on your IPS alerts.
