Nmap Development mailing list archives

Re: [NSE] IDS behavior detection scripts


From: David Fifield <david () bamsoftware com>
Date: Mon, 29 Mar 2010 13:42:05 -0600

On Mon, Mar 08, 2010 at 03:50:01AM -0300, Joao Correa wrote:
> These two scripts were very helpful to me a few days ago, while
> configuring and testing an IDS in a server. Maybe they could be useful
> to someone else.

I'm trying to decide whether to include these scripts in the
distribution. Can you tell us more about the situation they helped you
in? That will help us know what the typical use is and whether the
scripts are generally useful.

> The main objective of these scripts is trying to identify IDS (or
> should I call it IPS?) behaviors such as detecting and blocking
> sql-injections and directory enumeration. I believe that the scripts
> are self-explanatory, but if you have any questions, I'll be here to
> answer. If you guys decide that these scripts are interesting enough
> to be merged to the main trunk, I think that maybe they should get
> better names and a better output.

It would be better if the scripts were not destructive (didn't
potentially create a firewall rule) but I guess that is inherent in the
way they work. What happens if you run the script twice against the same
host? How about if you run it at the same time as sql-injection.nse?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

