mhellman Thu, 09/13/2007 - 07:49
User Badges:
  • Blue, 1500 points or more

I would focus on creating an environment where metasploit actually works (i.e. you can exploit an unpatched box). Then you can focus on IDS.

josephium Sun, 09/16/2007 - 22:31
User Badges:

yes, but can anyone give a sample or a detailed example on how IPS stops a working exploit with metasploit or any other software

mhellman Tue, 09/18/2007 - 07:13
User Badges:
  • Blue, 1500 points or more

I have used metasploit to trigger alarms in promiscuous mode, but not inline. It's pretty much the same though. Get metasploit working. go through the list of available metasploit exploits and choose one that is:

1) exploitable on the test machine

2) detected by Cisco IPS


Test the exploit without IPS. One you have verified that it is working(during my test, I was creating a local user on a Windows box), test the exploit with IPS.

Actions

This Discussion