[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] AppScan and IDS evasion
- To: "full-disclosure@xxxxxxxxxxxxxxxxx >> Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] AppScan and IDS evasion
- From: Roman Medina-Heigl Hernandez <roman@xxxxxxxxxxx>
- Date: Sat, 24 May 2008 16:46:43 +0200
Pen Testing escribió:
> I've launched AppScan against a web application and I'm being
> blocked/banned (since I have a dynamic IP I can reboot my router and
> get another IP, which is shortly banned again, as long as the attack
> persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK),
> what could I do?
Are you using the default template/policy? Perhaps you could edit it and/or
create a new (and more relaxed) one by disabling potentially detectable
checks... No idea about which checks you should eliminate...
> PS: I don't know which kind of IDS is in use (perhaps it's not a
> full-IDS but some anomaly detection as the one included in Checkpoint
> FW-1 but I don't have that information).
Any of you have more info about the kind of checks FW1 use?
--
Saludos,
-Roman
PGP Fingerprint:
09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/