Re: Cisco IOS Shellcode - McAfee IPS Protection

From: Joel Esler (eslerj_at_gmail.com)
Date: 08/05/05

  • Next message: Jean-Pierre Denis: "Updating Enterasys Dragon NIDS signature..." 
    Date: Thu, 4 Aug 2005 18:25:21 -0400
To: planz 235 <planz2009@gmail.com>

    How can they have "0-day" if ISS (makers of RealSecure and proventia
    IDS) announced the vuln? Wouldn't that lead us to believe that ISS
    had it first?

    Beyond that, it's been a week, I am sure that all the major IDS
    venders have it.

    Joel

    (Yes, I work for an IDS company, and yes, we have a way to detect it)

    On Aug 4, 2005, at 3:53 AM, planz 235 wrote:

    > Hi,
    >
    > McAfee claims to have "Zero-day" protection against the recent
    > vulnerability disclosed against Cisco particularly on Shellcodes.
    > Their press release says, McAfee IntruShield's existing infrastructure
    > protection proactively covers new exploit techniques against Cisco
    > IOS, such as those demonstrated at last week's Black Hat conference.
    > [http://www.mcafeesecurity.com/us/about/press/corporate/
    > 2005/20050803_181545.htm
    > ]
    >
    > Someone using Intrushield can validate this statement..?
    >
    > Regards,
    > Planz
    >

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------

  • Next message: Jean-Pierre Denis: "Updating Enterasys Dragon NIDS signature..."

    Relevant Pages

    • Re: Recommending an IDS system
      ... re: Cisco IDS, I have a few things to say about Cisco's product: junk. ... into ONE inky-dinky "black box" that was maintained by a "security ... Like I said before, ISS ...
      (Security-Basics)
    • RE: Recommending an IDS system
      ... Same here - haven't used the ISS, but I have no problem with auto updates, and Cisco is releasing signatures very quickly. ... Subject: Recommending an IDS system ... I never worked with ISS IDS appliance before so I can't really comment on ...
      (Security-Basics)
    • RE: IDS recommendations
      ... Ernon was the market leader in their business sector also. ... heard Enron was ISS' biggest customer so perhaps after Enron falls ISS will no ... We have replaced our Dragon sensors with Snort and our parent company is ... They are also the market leader in IDS ...
      (Focus-IDS)
    • RE: IDS ISS
      ... Have had several years experience with ISS. ... Sourcefire is doing some very interesting and innovative work with snort ... Subject: IDS ISS ... > Find out quickly and easily by testing it with real-world attacks from ...
      (Focus-IDS)
    • RE: How to choose an IDS/FW MSS provider
      ... but since ISS signatures are not purely "match this ... ISS MSS from our experience as an ISS reseller has been positive. ... >I guess you must be special to ISS, from my experience the support has been ... My impression about Cisco IDS for example is that they just do follow ...
      (Focus-IDS)