Nmap Development mailing list archives

[NSE] IDS behavior detection scripts


From: Joao Correa <joao () livewire com br>
Date: Mon, 8 Mar 2010 03:50:01 -0300

Hello guys,

These two scripts were very helpful to me a few days ago, while
configuring and testing an IDS on a server. Maybe they could be useful
to someone else.

The main objective of these scripts is trying to identify IDS (or
should I call it IPS?) behaviors such as detecting and blocking
SQL injections and directory enumeration. I believe that the scripts
are self-explanatory, but if you have any questions, I'll be here to
answer. If you guys decide that these scripts are interesting enough
to be merged into the main trunk, I think that maybe they should get
better names and a better output.

The scripts were successfully tested against OSSEC HIDS and it would
be great if someone could test them against different IDSs.

Also, do you guys have any ideas of IDS behaviors that could be
detected using Nmap scripts? I would be interested in coding these
scripts =). Maybe we could find some interesting scripts for IDSs of
different services (not only HTTP).

Thanks,
João.

Attachment: http-ids-enum.nse

Attachment: http-ids-sql-injection.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
