Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS testing with metasploit

Hi,

can anyone give a sample or a detailed example on how to test IPS with metasploit, no exploit is really working or triggering anything.

thanks

6 REPLIES
Gold

Re: IPS testing with metasploit

I would focus on creating an environment where metasploit actually works (i.e. you can exploit an unpatched box). Then you can focus on IDS.

New Member

Re: IPS testing with metasploit

yes, but can anyone give a sample or a detailed example on how IPS stops a working exploit with metasploit or any other software

New Member

Re: IPS testing with metasploit

easiest is to reverse engineer the signature details and craft packets based on the Sig RegEx for example.

For example, if a SIG is inspecting packets for "DNS" in traffic over 53/tcp, crafting a packet with this info will trigger the IPS...

Gold

Re: IPS testing with metasploit

I have used metasploit to trigger alarms in promiscuous mode, but not inline. It's pretty much the same though. Get metasploit working. go through the list of available metasploit exploits and choose one that is:

1) exploitable on the test machine

2) detected by Cisco IPS

Test the exploit without IPS. One you have verified that it is working(during my test, I was creating a local user on a Windows box), test the exploit with IPS.

New Member

IPS testing with metasploit

 

Hi buddy,

 

what type of Cisco Systems Cisco Intrusion Prevention System (IPS) do you want to exploit?

 

New Member

So, about what IDS you are

So, about what IDS you are talking about? Cisco MARS or just Ettercap NG filters?   

1753
Views
9
Helpful
6
Replies