Re: Cisco IOS Shellcode - McAfee IPS Protection

From: Ed Gibbs (ed_at_digitalconclave.com)
Date: 08/08/05

  • Next message: Ron Gula: "Re: Cisco IOS Shellcode - McAfee IPS Protection"
    To: "Joel Esler" <eslerj@gmail.com>, "planz 235" <planz2009@gmail.com>
    Date: Mon, 8 Aug 2005 10:12:38 -0700
    
    

    Having used IntruShield for several years, I called them on this because I
    thought the same thing. As it turns out, they detect the shell
    code, and if your policies are set up can actually block it. Their detection of
    shell-code execution is pretty strong from our research.

    Ed

    ----- Original Message -----
    From: "Joel Esler" <eslerj@gmail.com>
    To: "planz 235" <planz2009@gmail.com>
    Cc: <focus-ids@securityfocus.com>
    Sent: Thursday, August 04, 2005 3:25 PM
    Subject: Re: Cisco IOS Shellcode - McAfee IPS Protection

    > How can they have "0-day" if ISS (makers of RealSecure and Proventia IDS)
    > announced the vuln? Wouldn't that lead us to believe that ISS had it
    > first?
    >
    > Beyond that, it's been a week, I am sure that all the major IDS vendors
    > have it.
    >
    > Joel
    >
    > (Yes, I work for an IDS company, and yes, we have a way to detect it)
    >
    >
    > On Aug 4, 2005, at 3:53 AM, planz 235 wrote:
    >
    >> Hi,
    >>
    >> McAfee claims to have "Zero-day" protection against the recent
    >> vulnerability disclosed against Cisco particularly on Shellcodes.
    >> Their press release says, McAfee IntruShield's existing infrastructure
    >> protection proactively covers new exploit techniques against Cisco
    >> IOS, such as those demonstrated at last week's Black Hat conference.
    >> [http://www.mcafeesecurity.com/us/about/press/corporate/2005/20050803_181545.htm]
    >>
    >> Can someone using IntruShield validate this statement?
    >>
    >> Regards,
    >> Planz
    >>


