IDS mailing list archives
Re: detecting "intrusion detection"
From: barcajax () gmail com
Date: 6 Oct 2005 02:36:05 -0000
The monitoring interfaces on IDSs are running promiscuously so pinging or scanning them won't work. You have to look for promiscuous interfaces in the network but finding the existence of them does not necessarily confirm the presence of an IDS. It could be some other device that also has its interface in promiscuous mode. Alternatively, you might want to try discovering the management interface of the IDS. This however might be difficult as some deployments have their management interfaces in a separate isolated management segment that might not have Internet access. Even if you do have access to the management segment, you need to know the port numbers used by every single IDS vendor out there in the market to correctly guess which IDS product is present. barcajax ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- detecting "intrusion detection" sumit . siddharth (Oct 05)
- Re: detecting "intrusion detection" Krzysztof Cabaj (Oct 06)
- Re: detecting "intrusion detection" Ron Gula (Oct 06)
- <Possible follow-ups>
- RE: detecting "intrusion detection" Biswas, Proneet (Oct 06)
- Re: detecting "intrusion detection" barcajax (Oct 06)