Hi,

I was studying IDP and, as always, I wanted to test the feature out. First of all, it's a vSRX, so do not expect it to detect everything out of the box, but it did a fairly nice job to start with.

Topology

[Screenshot: topology]

Exploit

[Screenshot: Metasploit Framework attack search]

SCAN:MISC:HTTP:VTI-BIN-PROBE

Description: This signature detects requests to a URL that can execute a denial of service (DoS) on Microsoft IIS with FrontPage extensions.

No attack has been detected yet, and the attack table is empty.

[Screenshot: empty attack table]

Configuring the vSRX so that it has IDP capabilities; for more, you can have a look at the post below about installation details:

https://r2079.wordpress.com/2015/09/16/appsecure-suite-installing-license-evaluation-version-on-vsrx-firefly/

[Screenshot: configuration]
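A minimal IDP setup for the signature named above, as an added example (not the configuration from the original screenshot). The policy name `LAB-IDP`, rule name `r1`, zones `untrust`/`trust` and security policy `allow-web` are assumptions, and it assumes a Junos release that still uses the `active-policy` statement and has the signature database installed.

```junos
# Assumed names: LAB-IDP, r1, untrust, trust, allow-web (not from the original post).

# 1. IDP policy: match the predefined signature, drop the session, log the hit.
set security idp idp-policy LAB-IDP rulebase-ips rule r1 match from-zone any to-zone any
set security idp idp-policy LAB-IDP rulebase-ips rule r1 match source-address any destination-address any
set security idp idp-policy LAB-IDP rulebase-ips rule r1 match application default
set security idp idp-policy LAB-IDP rulebase-ips rule r1 match attacks predefined-attacks "SCAN:MISC:HTTP:VTI-BIN-PROBE"
set security idp idp-policy LAB-IDP rulebase-ips rule r1 then action drop-connection
set security idp idp-policy LAB-IDP rulebase-ips rule r1 then notification log-attacks

# 2. Select it as the active IDP policy.
set security idp active-policy LAB-IDP

# 3. IDP only inspects sessions permitted by a security policy that enables it.
set security policies from-zone untrust to-zone trust policy allow-web match source-address any destination-address any application junos-http
set security policies from-zone untrust to-zone trust policy allow-web then permit application-services idp

# 4. After commit, verify from operational mode:
#      show security idp status
#      show security idp attack table
```

Without step 3 the policy compiles and loads but never sees traffic, so the attack table stays empty.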

I have used Metasploit to attack my home lab device.

[Screenshot: attacking the LAN]

As we can clearly see, the SRX has detected the attack and displayed the appropriate attack type.

[Screenshot: SRX detecting the attack]

Regards

Rakesh M
