K. Brian Kelley (4/3/2014)
Then you've been working with the wrong security/networking teams. IDS/IPS is typically monitoring network traffic not running on the host. It'll see the xp_cmdshell going across the network and alert. This isn't new functionality. It's been around for YEARS. Free IDS like Snort have detected it for years.
I get that. My point is that the attack cited on this thread didn't use xp_CmdShell. Having it turned off did nothing to prevent this attack which did everything that one could do with xp_CmdShell.
--Jeff Moden
Change is inevitable... Change for the better is not.