IDS mailing list archives

Re: interesting paper on testing sig-based IDS


From: Stefano Zanero <zanero () elet polimi it>
Date: Thu, 03 Mar 2005 13:23:04 +0100

Giovanni Vigna wrote:

Our tool, which is called 'Sploit', is more similar to CANVAS than to any other.
I haven't seen/tried CANVAS so I am not sure, but the basic ideas seem
similar.

Having seen both ;) they have different aims (pen testing vs. IDS signature testing), and are structurally different. In particular, while "sploit" deals with composition of evasion techniques, CANVAS does not.

This means that in CANVAS (as of my experience with CRI, maybe Dave Aitel will chime in and correct me if I'm wrong) you have a slider for "incrementing" or "decrementing" covertness, being advised that incrementing it could result in unreliable exploitation.

As for sploit, for what I've seen you instead add in the composability of the various techniques giving more control to the user. CANVAS has the objective of keeping the exploit functional, while Sploit has the objective of seeing wether or not a combination is functional AND bypasses the IDS system.

Best,
Stefano Zanero
Dottorando di Ricerca / Ph.D. Student
Politecnico di Milano - Dip. Elettronica e Informazione

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------


Current thread: