Network Security: Detailed info on [ISSForum] Test IPS G200

Subject:	[ISSForum] Test IPS G200
Date:	Thu, 19 May 2005 16:07:30 -0500

Hi List  :   I have installed one IPS G 200 and Site Protector in
Distributed Installalation , below  the next scenario :


##############
             ################                                     (In
-Line)            #                ##     #
             #                 #                 ###############
###############         # Firewall        ###
             #   ADSL Users      #  ########  Perimeter    ############
IPS_G200   ############   Blade          ###############################
             #  DNS Clients    #                  ##  Router    ##
###############         #                         ###                   ##
             #        (Internet)            #               ###############
                        #                         ###                   ##
             #    ###############
#############                             ##

                                 ####################

                       #  Content Switch        ##

                       #                                       ##

           ####################

                  #                           #
                                                                        #
#

                  #                           #

# DNS1#             # DNS2#   - -

-  Anybody have test protocol for test  my IPS G200?, the policy applied is
specific for DNS Traffic because the  server are  DNS  -^
 I have some tools :  Nikto, Nessus, nmap, hping2, But I dont Know if  I
have correct  metodology to test it ?,

I really appreciate your help.

Cesar Farro.


issforum-bounces@iss.net escribió el 18/05/2005 01:32:52 p.m.:

Hello

Question:
Is Network Sensor able to analysis packets that doesn´t match a
normal HTTP connection like a example: reverse telnet through port

80(http)?


PAM(Protocol Analysis Module) shouldn't detect this protocol anomaly?

Last weekend my webserver was exploited using "reverse telnet" and I
my Network Sensor 7.0 was unable to detect this protocol anomaly.


Jefferson

Ps: (Reverse

Telnet)http://www.onlamp.com/pub/a/onlamp/2003/05/29/netcat.html

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.
iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

ForwardSourceID:NT00030EEE




_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.

<Prev in Thread]	Current Thread	[Next in Thread>
[ISSForum] Unable to detect reverse telnet, jefferson.macedos [ISSForum] Test IPS G200, Cesar Farro Flores <=

Previous by Date:	[ISSForum] Bug in ISS Proventia desktop v 8.0.614.0, Ladislav Zezula
Next by Date:	[ISSForum] Alert on sensor "Not Responding", Nicholas Cross
Previous by Thread:	[ISSForum] Unable to detect reverse telnet, jefferson.macedos
Next by Thread:	[ISSForum] Bug in ISS Proventia desktop v 8.0.614.0, Ladislav Zezula
Indexes:	[Date] [Thread] [Top] [All Lists]