Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[ISSForum] Unix/Linux Shell code execution signatures Proventia A 201
From: Juan Roa (juanukogmail.com)
Date: Thu Jun 23 2005 - 14:28:45 CDT
We had made some testing in our labs, in order to determine if the
signatures already present in siteprotector sensors( wee can only find
8) are able to detect code shell execution in unix/linux web servers
We try a lot of examples of code shell execution attemps , starting
off very specific to very general shell code execution attemps, and we
only can trigger the " HTTP_Unix_Passwords".
The signatures that we enabled in the policies were:
We are very worried because we was unable to detect a lot of attemps
of attacks of this kind.
Any ideas would help.
Thanks in advance
Juan Roa Salinas
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforumiss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.