Vulnerability Development mailing list archives
Re: Firewall and IDS, (the second way).
From: Michel Arboi <arboi () yahoo com>
Date: Sat, 16 Mar 2002 17:54:14 +0100 (CET)
--- sekure () hadrion com br a écrit :
I'm "walking" by the internet finding about paper/techniques that can be used to detect systemn with IDS installed. Try to detect snort/snort+aide/quinds/.../ somebody know something like it ??
Some commercial IDS use special a special Ethernet device that is supposed to be invisible. If the IDS is not set up to react to attacks, you will probably never see it. If it reacts, e.g. but cutting TCP connections, I suppose there is a way to detect it as the behaviour of the target machine will look odd (e.g. connections run fine until you send something that matches the IDS signature, and you lose them)
And "how to outline a firewall" ... techinique to try bypass rules of a firewall ... or dribble ?
For IP filters, have a look at the firewalk tool. ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
Current thread:
- Firewall and IDS, (the second way). sekure (Mar 15)
- Re: Firewall and IDS, (the second way). Zow (Mar 15)
- RE: Firewall and IDS, (the second way). Benjamin P. Grubin (Mar 16)
- Re: Firewall and IDS, (the second way). Bryan Burns (Mar 16)
- RE: Firewall and IDS, (the second way). Dom De Vitto (Mar 16)
- Re: Firewall and IDS, (the second way). Michel Arboi (Mar 16)
- Re: Firewall and IDS, (the second way). Timothy J. Miller (Mar 19)
- Re: Firewall and IDS, (the second way). Anthony Stevens (Mar 20)
- <Possible follow-ups>
- Re: Firewall and IDS, (the second way). Marco Ivaldi (Mar 18)
- RE: Firewall and IDS, (the second way). PJD (Mar 19)
- Re: Firewall and IDS, (the second way). Zow (Mar 20)
- RE: Firewall and IDS, (the second way). Pedro Quintanilha (Mar 19)
- RE: Firewall and IDS, (the second way). Bojan Zdrnja (Mar 20)
- RE: Firewall and IDS, (the second way). Pedro Quintanilha (Mar 20)
- RE: Firewall and IDS, (the second way). Bojan Zdrnja (Mar 20)
- Re: Firewall and IDS, (the second way). Zow (Mar 15)