IDS: CRI announcement

[Dave Aitel <dave () immunitysec com>]

Hi there, a lot of you probably didn't see the CANVAS Reference 
Implementation (CRI) announcement I gave in Poland in October, so I 
figured I'd send one here, since the main purpose of the CRI is for 
testing HIDS and NIDS of various kinds.
http://www.immunitysec.com/products-canvas-cri.shtml

'What is the "CRI"?' you may ask. The CRI is basically a subset of 
Immunity's CANVAS product, but available for free with an NDA. This 
subset includes a working LSASS bug so you can test your NIDS or HIDS or 
NIPS or HIPS for its ability to parse SMB+MSRPC correctly and detect a 
sample exploit.
How is this different from Tippingpoint's new open source NIPS testing 
tool? Well, the CRI is an actual exploitation engine, with working 
shellcode and attacks, and is not for measuring the effect of load on 
your NIPS. It's also somewhat easier to use - even on Windows - and 
provides a very simple result: I was detected/I was not detected. The 
CRI has 10 levels of covertness, with two basic breakouts which enable 
application layer fragmentation. We suggest trying your NIDS at 
covertness 0 and covertness 10 and seeing the difference!
Thanks,
Dave Aitel
VP Marketing and Sales
Immunity, Inc.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------