IDS mailing list archives

Passive Asset Detection System v1.1.3 Released


From: Matt Shelton <seclists () mattshelton com>
Date: Thu, 30 Sep 2004 23:40:33 -0400

Greetings,

Version 1.1.3 of Passive Asset Detection System (PADS) has been released. It can be found at http://passive.sourceforge.net.

Pads is a signature-based detection engine used to passively detect network assets. Even though active scanners such as nmap and Nessus are valuable tools, sometimes it is necessary to identify network devices in a passive manner. Pads was developed to sit alongside the promiscuous interface of an IDS device. It will listen to network traffic and attempt to identify the applications running on the network.

Goals:

- Passive: Records and identifies traffic seen on a network without actively "scanning" a system. There will never be a packet sent from the Pads applications.

- Portable: Has the ability to be placed easily on a remote system. Does not require additional external libraries other than those associated with libpcap.

- Lightweight: Logging is sent to a simple CSV file. There is no need for a database or other data repository installed on the local machine. All correlation is done outside of the pads program.

The nature of an IDS device is to passively monitor a network. In many deployments, the device only monitors a network and does not have access to it. This makes active network scanners, like nmap, useless since the IDS team has no way to scan the network.

Pads was developed to solve this problem. It is modeled after my favorite scanning tool nmap, specifically the “-sV” option. Unlike nmap, it will not generate any traffic while mapping the network. Unfortunately, this method is potentially less accurate than active scanning but is often necessary in an IDS environment.

Please email me with any comments, suggestions, or complaints. I would like to hear everyone’s constructive feedback on the application.

Regards,
Matt Shelton (matt at mattshelton dot com)
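
Added example, not part of the original message and not PADS code: a sketch of the passive approach the announcement describes, matching signatures against bytes that servers were observed sending and writing the resulting asset list as CSV. The signature patterns, CSV columns, function names and sample payloads are all constructed for illustration and do not reflect PADS's own signature syntax or log format.

```python
import csv
import io
import re

# Hypothetical signatures (not PADS's signature file or syntax):
# service label -> regex over the first bytes a server sends.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-[\d.]+-(?P<app>[^\r\n]+)")),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3}.*?\r\nServer: (?P<app>[^\r\n]+)", re.S)),
    ("smtp", re.compile(rb"^220 \S+ ESMTP (?P<app>[^\r\n]+)")),
]

# Constructed sample of server-to-client payloads: (server_ip, server_port, bytes).
OBSERVED = [
    ("192.0.2.10", 22, b"SSH-2.0-OpenSSH_3.9p1\r\n"),
    ("192.0.2.20", 80, b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.31 (Unix)\r\n\r\n"),
    ("192.0.2.20", 80, b"HTTP/1.1 404 Not Found\r\nServer: Apache/1.3.31 (Unix)\r\n\r\n"),
    ("192.0.2.30", 25, b"220 mail.example.test ESMTP Postfix\r\n"),
    ("192.0.2.40", 31337, b"\x00\x01binary-noise"),
]

def identify(payload):
    """Return (service, application) for the first matching signature, else None."""
    for service, rx in SIGNATURES:
        m = rx.search(payload)
        if m:
            return service, m.group("app").decode("ascii", "replace").strip()
    return None

def build_inventory(observations):
    """Keep the first identification per (ip, port); skip assets already known."""
    assets = {}
    for ip, port, payload in observations:
        hit = None if (ip, port) in assets else identify(payload)
        if hit:
            assets[(ip, port)] = hit
    return assets

def to_csv(assets):
    """Render the inventory as CSV for correlation by other tools."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["ip", "port", "service", "application"])
    for (ip, port), (service, app) in sorted(assets.items()):
        w.writerow([ip, port, service, app])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(build_inventory(OBSERVED)), end="")
```

The unmatched payload on port 31337 produces no inventory row, which illustrates the accuracy trade-off the message mentions: a passive matcher only records what its signatures recognize in traffic that actually crosses the sensor.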



