I have the web server running and HTTP allowed, and I am appending the following to the URL, but I don't see any logs getting generated. Could you share the policy for IPS to trigger alerts?
get_int_filtered.php?id=1
get_int_groupby.php?id=1
get_int_having.php?id=1
get_int_img.php?id=1
get_int_inline.php?id=SELECT+name+FROM+users
------------------------------
Avil Tauro
------------------------------
Original Message:
Sent: 10-04-2021 12:08
From: Ashvin
Subject: SRX Firewall IPS Signature Demonstration
Hi,
One of the easiest signatures to trigger is IP:EXPLOIT:SAME-SRC-DST.
You can use hping to spoof the src IP to be the same as the dst IP, which will trigger this signature.
Other potential signatures are the HTTP-based HTTP:EXPLOIT:BRUTE-FORCE and HTTP:PHP:WP-BRUTE-FORCE-LOGIN.
This requires having an HTTP server, and WordPress for the second one. Note that HTTP:EXPLOIT:BRUTE-FORCE does not result in a blocking action.
For brute-force attacks you can use tools like hydra, or wpscan for WordPress.
HTH.
Ashvin
------------------------------
Ashvin
Original Message:
Sent: 10-04-2021 09:50
From: Avil Tauro
Subject: SRX Firewall IPS Signature Demonstration
I am using an SRX320 with IPS. I need to demonstrate an IPS signature trigger by traffic/access simulation. I am trying SQL injection by web access, but it doesn't seem to work. What's the easiest way to demonstrate any IPS signature?
------------------------------
Avil Tauro
------------------------------
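
An added example, not taken from any post in this thread: a minimal Junos IDP policy that logs the three signatures named above and attaches the policy to the security policy carrying the test traffic. The names DEMO-IPS, allow-http, and the zones untrust/trust are assumptions, as are an installed IDP license and signature database and a Junos release that accepts `application-services idp-policy`.

```junos
# Rule 1: the IP-layer signature from the thread; drop and log.
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST match from-zone any
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST match source-address any
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST match to-zone any
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST match destination-address any
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST match application default
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST match attacks predefined-attacks "IP:EXPLOIT:SAME-SRC-DST"
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST then action drop-packet
set security idp idp-policy DEMO-IPS rulebase-ips rule SAME-SRC-DST then notification log-attacks

# Rule 2: the HTTP brute-force signatures from the thread; log only,
# which is enough to show an alert in a demonstration.
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE match from-zone any
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE match source-address any
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE match to-zone any
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE match destination-address any
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE match application default
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE match attacks predefined-attacks "HTTP:EXPLOIT:BRUTE-FORCE"
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE match attacks predefined-attacks "HTTP:PHP:WP-BRUTE-FORCE-LOGIN"
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE then action no-action
set security idp idp-policy DEMO-IPS rulebase-ips rule HTTP-BRUTE then notification log-attacks

# Traffic is inspected only if the security policy that permits it
# hands the session to IDP (zone and policy names are assumed).
set security policies from-zone untrust to-zone trust policy allow-http match source-address any
set security policies from-zone untrust to-zone trust policy allow-http match destination-address any
set security policies from-zone untrust to-zone trust policy allow-http match application junos-http
set security policies from-zone untrust to-zone trust policy allow-http then permit application-services idp-policy DEMO-IPS

# After commit, from operational mode:
#   show security idp status
#   show security idp attack table
```

If the attack table stays empty, check that the test traffic actually matches the security policy carrying the IDP service and that each rule has `notification log-attacks` set.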