Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: HIPS Buffer Overflow Protection - Bypass
From: <dfullerton () mantor org>
Date: Wed, 15 Nov 2006 14:43:59 -0500
Bart,

Basically this means that this HIPS does not detect nor protect against this buffer overflow. Looks like the only thing 
detected by the IPS was the different Metasploit payload except the “adduser” one (the actual shellcode signature). 
Consequently, we can say that any custom payload would go undetected. Signature-based recognition is one part of the 
whole detection picture and looks like this IPS can’t do much in others portions of detection/prevention for this 
vulnerability such as stack protection (write and execution of stack memory segment) and heuristic.

Danny Fullerton
IT security Specialist
Mantor Organization

___________________________________
NOCC, http://nocc.sourceforge.net



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]