https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848445#M85746 <P>So, about what <A href="http://www.ospfmon.com/docs/manual_ru.htm">IDS</A> you are talking about?&nbsp;<STRONG>Cisco MARS</STRONG> or just <STRONG><A href="http://money.ospfmon.com/2012/12/ettercap-ng.html">Ettercap NG filters</A></STRONG>?&nbsp;&nbsp;&nbsp;</P> Fri, 29 May 2015 21:09:05 GMT Miroslav Berkov 2015-05-29T21:09:05Z https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848439#M85738 <P>Hi,</P><P>can anyone give a sample or a detailed example on how to test IPS with metasploit, no exploit is really working or triggering anything.</P><P>thanks </P> Sun, 10 Mar 2019 10:47:39 GMT https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848439#M85738 josephium 2019-03-10T10:47:39Z https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848440#M85741 <HTML><HEAD></HEAD><BODY><P>I would focus on creating an environment where metasploit actually works (i.e. you can exploit an unpatched box). Then you can focus on IDS.</P></BODY></HTML> Thu, 13 Sep 2007 14:49:58 GMT https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848440#M85741 mhellman 2007-09-13T14:49:58Z https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848441#M85742 <HTML><HEAD></HEAD><BODY><P>yes, but can anyone give a sample or a detailed example on how IPS stops a working exploit with metasploit or any other software</P></BODY></HTML> Mon, 17 Sep 2007 05:31:01 GMT https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848441#M85742 josephium 2007-09-17T05:31:01Z https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848442#M85743 <HTML><HEAD></HEAD><BODY><P>easiest is to reverse engineer the signature details and craft packets based on the Sig RegEx for example. </P><P></P><P>For example, if a SIG is inspecting packets for "DNS" in traffic over 53/tcp, crafting a packet with this info will trigger the IPS...</P></BODY></HTML> Tue, 18 Sep 2007 13:19:09 GMT https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848442#M85743 jdenis 2007-09-18T13:19:09Z https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848443#M85744 <HTML><HEAD></HEAD><BODY><P>I have used metasploit to trigger alarms in promiscuous mode, but not inline. It's pretty much the same though. Get metasploit working. go through the list of available metasploit exploits and choose one that is:</P><P>1) exploitable on the test machine</P><P>2) detected by Cisco IPS</P><P></P><P>Test the exploit without IPS. One you have verified that it is working(during my test, I was creating a local user on a Windows box), test the exploit with IPS.</P></BODY></HTML> Tue, 18 Sep 2007 14:13:18 GMT https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848443#M85744 mhellman 2007-09-18T14:13:18Z https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848444#M85745 <P>&nbsp;</P><P><SPAN style="font-family: 'trebuchet ms', geneva;">Hi buddy, </SPAN></P><P>&nbsp;</P><P><SPAN style="font-family: 'trebuchet ms', geneva;">what type of Cisco Systems <A href="http://www.ospfmon.com/docs/Cisco_SaaS.aspx">Cisco Intrusion Prevention System</A> (IPS) do you want to exploit?</SPAN></P><P>&nbsp;</P> Wed, 29 Oct 2014 04:05:09 GMT https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848444#M85745 Miroslav Berkov 2014-10-29T04:05:09Z https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848445#M85746 <P>So, about what <A href="http://www.ospfmon.com/docs/manual_ru.htm">IDS</A> you are talking about?&nbsp;<STRONG>Cisco MARS</STRONG> or just <STRONG><A href="http://money.ospfmon.com/2012/12/ettercap-ng.html">Ettercap NG filters</A></STRONG>?&nbsp;&nbsp;&nbsp;</P> Fri, 29 May 2015 21:09:05 GMT https://community.cisco.com/t5/network-security/ips-testing-with-metasploit/m-p/848445#M85746 Miroslav Berkov 2015-05-29T21:09:05Z