This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to test IPS attack pattern

Hi everyone.

I'm currently taking a course about information security and we are doing a project using Sophos UTM.

We would like to see whether it works when we set Network Protection > Intrusion Protection > Attack Patterns rules.

For instance, we check on Windows and see if there's a log related to Windows OS attacks when we exploit a server behind UTM. But we couldn't figure out what type of attacks it detects and prevents, also which tool to use to exploit it to demonstrate it.

Please help! Any info would be appreciated.

This thread was automatically locked due to age.

0 darrellr over 7 years ago

Use nmap to run some scans and use some of the scripts to check for vulnerabilities. Otherwise, if you want something more involved, use metasploit scanners/exploits against it.

Important note - IPS only applies to traffic that is allowed through the firewall. It will not fire off events that are dropped.
Cancel
Vote Up 0 Vote Down

Cancel
0 Eunmi Jeong over 7 years ago in reply to darrellr

We already tried to exploit the server using metasploit on Kali but couldn't find the right payload that UTM detects yet.
Cancel
Vote Up 0 Vote Down

Cancel