IDS mailing list archives
Re: detecting "intrusion detection"
From: Krzysztof Cabaj <kcabaj () gmail com>
Date: Wed, 5 Oct 2005 22:43:27 +0200
Hi,
Is there any technique to detect if a particular machine is running an IDS or if a network has implemented IDS.
It depends how IDS is configured. For e.g. if IDS check suspicious machine name using DNS or send RST packet, you could send packet with forged address and look for potential IDS response. You could also check if machine has network adapter in promisious mode (send forged packet with IP of sensor and other MAC address). But those are only some evidences that this machine is running IDS. Sometimes this could be very hard or even impossible. Best regards, Krzysztof (Christopher) Cabaj ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- detecting "intrusion detection" sumit . siddharth (Oct 05)
- Re: detecting "intrusion detection" Krzysztof Cabaj (Oct 06)
- Re: detecting "intrusion detection" Ron Gula (Oct 06)
- <Possible follow-ups>
- RE: detecting "intrusion detection" Biswas, Proneet (Oct 06)
- Re: detecting "intrusion detection" barcajax (Oct 06)