Home page logo

pen-test logo Penetration Testing mailing list archives

Re: AppScan and IDS evasion
From: Chroot <chrooted () gmail com>
Date: Fri, 27 Jun 2008 12:03:45 +0530

Isn't this a vulnerability in itself that your client blocks an IP
address. This could result in a DoS attack if you can spoof source IP
address. In my book IPS should block the attack not the source. Source
can be spoofed.

On Sat, May 24, 2008 at 7:44 PM, Pen Testing <quick.pentesting () gmail com> wrote:

I've launched AppScan against a web application and I'm being
blocked/banned (since I have a dynamic IP I can reboot my router and
get another IP, which is shortly banned again, as long as the attack
persists). Since AppScan doesn't have any kind of IDS evasion (AFAIK),
what could I do?

Of course, I can perform a manual audit (which I was going to do
anyway, automatic scanners are only the first phase) but do you have
other ideas to bypass the locking mechanism? Perhaps I could put in
place some kind of proxy applying IDS-evasion techniques, so I could
configure AppScan to use that proxy, and this last one would be in
charge of manipulate/rewrite the requests to bypass IDS. Does such a
proxy exist?

It would be nice if you could point to some good and practical
anti-IDS paper, doc and tools.

Thank you.

PS: I don't know which kind of IDS is in use (perhaps it's not a
full-IDS but some anomaly detection as the one included in Checkpoint
FW-1 but I don't have that information).


This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides


This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]