RE: how to verify whether an attack attempt is successful?

[detmar.liesen () lds nrw de]

->Is there any technology developed in this direction?

Sure there is. 

With some attacks you can determine whether or not the attack was successful
because the system under attack responds in an attack-specific way.
Snort has some attack-responses rules, but none of these ever triggered on my
network and I haven't yet had a closer look at those rules, so I don't know if
they are really useful.

In general it's impossible to determine the success of attacks with only a
network IDS (NIDS).

What you can do at network level is to compare detected attack-attempts with
information from a vulnerability-database.
The vulnerability information can be gathered by using VA tools like nessus.

Thus you can always determine whether or not the system under attack is
vulnerable to that specific attack.
If so, you can be damned sure that the attack succeeds. 

However, this is not a 100% reliable way. But such things are never very
reliable. They are an aid at analysing events more quickly and accurately
because you gain a better "signal-noise-ratio".

But Host based IDSs can do this quite accurately because they utilize more than
just packet-stream information.

Host based IDSs look into log files, check file system - integrity (i.e. if any
files have been modified) and they can also analyse system- and api-calls at
kernel level.

HTH,

Detmar Liesen