OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISSForum] Test IPS G200

From: Cesar Farro Flores (cesar.farrot-empresas.com.pe)
Date: Thu May 19 2005 - 16:07:30 CDT

Hi List : I have installed one IPS G 200 and Site Protector in
Distributed Installalation , below the next scenario :

##############
             ################ (In
-Line) # ## #
             # # ###############
############### # Firewall ###
             # ADSL Users # ######## Perimeter ############
IPS_G200 ############ Blade ###############################
             # DNS Clients # ## Router ##
############### # ### ##
             # (Internet) # ###############
                        # ### ##
             # ###############
############# ##

                                 ####################

                       # Content Switch ##

                       # ##

           ####################

                  # #
                                                                        #
#

                  # #

# DNS1# # DNS2# - -

- Anybody have test protocol for test my IPS G200?, the policy applied is
specific for DNS Traffic because the server are DNS -^
 I have some tools : Nikto, Nessus, nmap, hping2, But I dont Know if I
have correct metodology to test it ?,

I really appreciate your help.

Cesar Farro.

issforum-bouncesiss.net escribió el 18/05/2005 01:32:52 p.m.:

> Hello
>
> Question:
> Is Network Sensor able to analysis packets that doesn´t match a
> normal HTTP connection like a example: reverse telnet through port
80(http)?
>
> PAM(Protocol Analysis Module) shouldn't detect this protocol anomaly?
>
> Last weekend my webserver was exploited using "reverse telnet" and I
> my Network Sensor 7.0 was unable to detect this protocol anomaly.
>
>
> Jefferson
>
> Ps: (Reverse
Telnet)http://www.onlamp.com/pub/a/onlamp/2003/05/29/netcat.html
> _______________________________________________
> ISSForum mailing list
> ISSForumiss.net
>
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.
> iss.net/mailman/listinfo/issforum
>
> To contact the ISSForum Moderator, send email to mod-issforumiss.net
>
> The ISSForum mailing list is hosted and managed by Internet Security
> Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

> ForwardSourceID:NT00030EEE

_______________________________________________
ISSForum mailing list
ISSForumiss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforumiss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.