Ronen Gottlib wrote: > > Does anyone has any idea about methods to bypass management apps (maybe > I need to try and DoS it)? > Notice that common management agents (Openview Operatins, Tivoli, Aprisma Spectrum...) do no provide (out of the box) any kind of IPS functionality they "only" provide a framework to remotely manage systems. The network/systems architect might, however, have created an IPS based on that management system, since the management systems we are talking about provide a centralised multi-agent architecture is quite feasible to have the central management station tell the remote agents to block an IP address if the remote agents send reports on suspicous activities in the logs of the systems they are in. If this is the case there are two ways to get around it. Either DoS the system agent (not nice) or find attack vectors that are not monitored (i.e you are not black-holed after using them), test if there is any misconfiguration in the applications you can access and see if exploiting them blackholes you. Regards Javi --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 10:58:09 PDT