Using vSRX IDP to detect a pre-triggered attack – Metasploit Framework – SCAN:MISC:HTTP:VTI-BIN-PROBE
Nov 13
Hi,
I was studying IDP and, as always, I wanted to test the feature out. First of all, it's a vSRX, so do not expect it to detect everything out of the box, but it did a fairly nice job to start with.
Topology
Exploit
SCAN:MISC:HTTP:VTI-BIN-PROBE
Description: This signature detects requests to a URL that can execute a denial of service (DoS) on Microsoft IIS with FrontPage extensions.
No attack has been detected yet and the attack table is empty.
Configuring the vSRX so that it has IDP capabilities: for more, have a look at the post below about the installation details.
https://r2079.wordpress.com/2015/09/16/appsecure-suite-installing-license-evaluation-version-on-vsrx-firefly/
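An IDP configuration that would log this signature on a vSRX, as an added example that is not taken from the original post. The policy name LAB-IDP, the rule name, the security policy name WEB-IN and the zones untrust/trust are assumptions, and the IDP license and signature package are assumed to be installed as in the linked post.

```junos
# Added example: names and zones below are assumptions, not the author's lab values.

# IDP policy with one IPS rule that matches only the predefined signature under test
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN match from-zone any
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN match source-address any
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN match to-zone any
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN match destination-address any
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN match application default
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN match attacks predefined-attacks "SCAN:MISC:HTTP:VTI-BIN-PROBE"

# Detection only: record the hit without touching the session.
# Switch to "drop-connection" once the signature is confirmed to fire cleanly.
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN then action no-action
set security idp idp-policy LAB-IDP rulebase-ips rule VTI-BIN then notification log-attacks

# Only one IDP policy is active at a time on this generation of Junos
set security idp active-policy LAB-IDP

# Traffic is inspected only if the permitting security policy hands it to IDP
set security policies from-zone untrust to-zone trust policy WEB-IN match source-address any
set security policies from-zone untrust to-zone trust policy WEB-IN match destination-address any
set security policies from-zone untrust to-zone trust policy WEB-IN match application junos-http
set security policies from-zone untrust to-zone trust policy WEB-IN then permit application-services idp

# Operational-mode checks after commit:
#   show security idp status         (policy loaded, packets being inspected)
#   show security idp attack table   (empty before the test, signature name and hit count after)
#   clear security idp attack table  (reset between test runs)
```

If the attack table stays empty after the test, check first that the flow actually matched the security policy carrying `application-services idp`, since traffic permitted by any other policy bypasses IDP.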
I have used Metasploit to attack my home lab device.
As we can clearly see, the SRX has detected the attack and displayed the appropriate attack type.
Regards
Rakesh M