Nmap Development mailing list archives
Re: [NSE] IDS behavior detection scripts
From: David Fifield <david () bamsoftware com>
Date: Mon, 29 Mar 2010 13:42:05 -0600
On Mon, Mar 08, 2010 at 03:50:01AM -0300, Joao Correa wrote:
These two scripts were very helpful to me a few days ago, while configuring and testing an IDS in a server. Maybe they could be useful to someone else.
I'm trying to decide whether to include these scripts in the distribution. Can you tell us more about the situation they helped you in? That will help us know what the typical use is and whether the scripts are generally useful.
The main objective of these scripts is trying to identify IDS (or should I call it IPS?) behaviors such as detecting and blocking sql-injections and directory enumeration. I believe that the scripts are self-explained, but if you have any question, I'll be here to answer. If you guys decide that these scripts are interesting enough to be merged to the main trunk, I think that maybe they should get better names and a better output.
It would be better if the scripts were not destructive (didn't potentially create a firewall rule) but I guess that is inherent in the way they work. What happens if you run the script twice against the same host? How about if you run it at the same time as sql-injection.nse? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] IDS behavior detection scripts Joao Correa (Mar 07)
- Re: [NSE] IDS behavior detection scripts David Fifield (Mar 29)
- Re: [NSE] IDS behavior detection scripts Joao Correa (Mar 29)
- Re: [NSE] IDS behavior detection scripts David Fifield (Mar 29)
- Re: [NSE] IDS behavior detection scripts Joao Correa (Mar 29)
- Re: [NSE] IDS behavior detection scripts Joao Correa (Mar 29)
- Re: [NSE] IDS behavior detection scripts David Fifield (Mar 29)