Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Firewall and IDS, (the second way).

From: Michel Arboi <arboi () yahoo com>
Date: Sat, 16 Mar 2002 17:54:14 +0100 (CET)
 --- sekure () hadrion com br a écrit : 

I'm "walking" by the internet finding about paper/techniques that can
be used to detect systemn with IDS installed. Try to detect
snort/snort+aide/quinds/.../ somebody know something like it ??


Some commercial IDS use special a special Ethernet device that is
supposed to be invisible.
If the IDS is not set up to react to attacks, you will probably never
see it. If it reacts, e.g. but cutting TCP connections, I suppose there
is a way to detect it as the behaviour of the target machine will look
odd (e.g. connections run fine until you send something that matches
the IDS signature, and you lose them)


And "how to outline a firewall" ... techinique to try bypass rules of
a firewall ... or dribble ?


For IP filters, have a look at the firewalk tool.



___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: