Hey folks,<br><br>Just the usual shout out for our meeting this week held upstairs in the Burgh Coffeehouse (Commercial Street) at 7pm. <br><br><p>Our very own Arron "Finux" Finnon has returned from his global endeavor and will be presenting his talk on IDS Enumeration.<br>
</p><p>Network Intrusion Prevention Systems or NIPS have been plagued by
“False Positive” issues almost since their first deployment. A
“False Positive” could simply be described as incorrectly or
mistakenly detecting a threat that is not real. A large amount of
research has gone into using “False Positive” as an attack vector either
to attack the very validity of an IPS system or to conduct forms of
Denial of Service attacks. However the very reaction to a “False
Positive” in the first place may very well reveal more detailed
information about defenses than you might well think.</p>
<p>This talk takes a look at how it is possible to enumerate
network defenses such as an IPS by very simple and effective means. A
detection system such as an IPS reacting to a set of conditions under
the control of an attacker can very well allow them to know what defenses they need to overcome to be successful. With a simple crafted
email it is possible to tell that ClamAV is running on a mail server, or
a simple fake URL parameter could well inform you that Snort is
defending a web application. Armed with this type of information an
attacker can plan an attack that utilises IPS evasion techniques.
Although this talk uses some very famous “Open Source” security
applications in its examples, the methodology can easily be used to
detect a whole host of commercial security products as well.</p>
<p>There is no hard and fast simple fix to the issues discussed in
this talk; the aim is simple: to give the attendees the ability to spot
and assess potential “reaction leakages” from a detection system. You
can only really defend against what you can understand and with
this information a more fitting solution can be sought.</p>So come grab a coffee, then after the talk hopefully a beverage in the Ladywell Tavern.<br clear="all"><br>Stay Sane,<br><br>-- <br>Ryan Ward<br><a href="https://www.twitter.com/rysward" target="_blank">https://www.twitter.com/rysward</a><br>
<br><br>