study on subverting IDSs

[Nomellames nunca <nomesigas () gmail com>]

Hello all,

I want to test IDS against subversion attacks (attacks directed  to
the IDS itself or any of the element used by the IDS for collecting
and reporting in order to modify their result). I would like to test a
mixture of different IDS solutions. Obviously, host based IDSs are
easily subverted by modifying the kernel once the system is
penetrated. But my aim is to check how complex is to do the same with
NIDS an other forms of IDSs. Obviously this depends on deployment, but
I will use the default or suggested options for the study.

I already have a good list of IDS solutions I want to study, but I
would like your opinion on possible target for this study, as I work
in academia and deal mainly with open solutions, like SNORT or
Emerald.

Best,

Jesus

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------