Re: Cisco IOS Shellcode - McAfee IPS Protection

Mon, 08 Aug 2005 15:46:51 -0700

Having used IntruShield for several years, I called them on this because I thought the same thing. As it turns out, they protect detect the shell code, and if your policies setup can actually block it. Their detection of shell-code execution is pretty strong from our research. 

Ed
----- Original Message ----- From: "Joel Esler" <[EMAIL PROTECTED]> 
To: "planz 235" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Thursday, August 04, 2005 3:25 PM
Subject: Re: Cisco IOS Shellcode - McAfee IPS Protection
How can they have "0-day" if ISS (makers of RealSecure and proventia IDS) announced the vuln? Wouldn't that lead us to believe that ISS had it first?
Beyond that, it's been a week, I am sure that all the major IDS venders have it. 

Joel

(Yes, I work for an IDS company, and yes, we have a way to detect it)


On Aug 4, 2005, at 3:53 AM, planz 235 wrote:


Hi,

McAfee claims to have "Zero-day" protection against the recent
vulnerability disclosed against Cisco particularly on Shellcodes.
Their press release says, McAfee IntruShield's existing infrastructure
protection proactively covers new exploit techniques against Cisco
IOS, such as those demonstrated at last week's Black Hat conference.
[http://www.mcafeesecurity.com/us/about/press/corporate/ 2005/20050803_181545.htm 
]

 Someone using Intrushield can validate this statement..?

 Regards,
 Planz




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
------------------------------------------------------------------------






------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
------------------------------------------------------------------------

Reply via email to