From: Javier Fernandez-Sanguino (jfernandez@germinus.com)
Date: Mon Jul 07 2003 - 02:57:48 EDT
Ronen Gottlib wrote:
>
> Does anyone has any idea about methods to bypass management apps (maybe
> I need to try and DoS it)?
>
Notice that common management agents (Openview Operatins, Tivoli,
Aprisma Spectrum...) do no provide (out of the box) any kind of IPS
functionality they "only" provide a framework to remotely manage
systems. The network/systems architect might, however, have created an
IPS based on that management system, since the management systems we are
talking about provide a centralised multi-agent architecture is quite
feasible to have the central management station tell the remote agents
to block an IP address if the remote agents send reports on suspicous
activities in the logs of the systems they are in.
If this is the case there are two ways to get around it. Either DoS the
system agent (not nice) or find attack vectors that are not monitored
(i.e you are not black-holed after using them), test if there is any
misconfiguration in the applications you can access and see if
exploiting them blackholes you.
Regards
Javi
---------------------------------------------------------------------------
The Lightning Console aggregates IDS events, correlates them with
vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.
Visit Tenable Network Security at http://www.tenablesecurity.com to learn
more.
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:35 EDT