Hi everybody,

Last week I had a Stonesoft engineer in my lab demonstrating their techniques of exploit attack via AET. I tested my PAN NFR units (PA-200 & PA-2050) with IPS license, last update, together with other vendors' IPS units, protecting 2 pretty vulnerable clients (one Win XP SP2, the other Ubuntu 6.04). The result scared me quite a bit. Known exploits are blocked once sent in a clear way, but when a subset of AET was run under script the catch rate was quite bad, less than 10% with the highest IPS policy in place.

Here is the link to the Stonesoft attacker that one can freely test: Evader | Stonesoft Evader

The last AET discussion in this forum is pretty old, end of 2010, and I would like to know how PAN nowadays handles this kind of sophisticated traffic obfuscation carrying a malicious payload. I know that patching the client solves the problem, but the same operation could be done with clients that have no patch available, and IPS are meant to handle such situations.

Regards