Full Disclosure mailing list archives

Re: Pentesting an IDP-System


From: "Oliver () greyhat de" <Oliver () greyhat de>
Date: Sat, 29 May 2004 12:26:44 +0200

ph03n1x wrote:

Hello

I'm kinda new to this list and this is my first post so be nice to me :)

Well I got an Intrusion Detection and Prevention System from a quite
famous company which they lent me for beta testing. I already compiled a
few exploits to test and it detected them quite reliably. (Didn't detect
the exploit but detected the shellcode)

Do you guys have an idea how I could test it more efficiently, is there
some software that automatically tries to attack with a bunch of the
most common and new exploits so I don't have to do it manually?
Preferably some GPL or other "free" stuff since I don't have a budget for
this.

What are the must criteria for an IDP? Would appreciate any links or
papers.


thx for tips

ph

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

There is a tool called IDS Informer, but I never used it.
Fragrouter can be used for some fragmentation tests.

Maybe you can use IP fragmentation to overwrite the destination port of the TCP header. This might help to fool some IDS-Systems using PAD (protocol anomaly detection), which determines the protocol by reading the destport.

/Oliver
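
Added example, not part of the original message: a check a sensor or test harness can run over the fragments of one datagram to flag overlaps inside the TCP header, where a monitor and the receiving host may resolve the overlap differently and so disagree on the destination port. The function names, the simplified "first"/"last" overlap policies and the sample fragments are assumptions constructed for illustration.

```python
import struct

TCP_HEADER_MIN = 20  # fixed part of the TCP header, in bytes


def tcp_header(dport, sport=40000):
    """Build a constructed 20-byte TCP header (SYN) for the sample data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)


def dst_port(fragments, policy):
    """Destination port after reassembly; on overlap the 'first' or 'last' writer wins."""
    buf = {}
    for units, data in fragments:
        for i, byte in enumerate(data):
            pos = units * 8 + i
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    return (buf[2] << 8) | buf[3] if 2 in buf and 3 in buf else None


def check_datagram(fragments):
    """Findings for the fragments of one datagram: (offset in 8-byte units, payload)."""
    findings, covered = set(), set()
    for units, data in fragments:
        span = set(range(units * 8, units * 8 + len(data)))
        overlap = span & covered
        if overlap:
            findings.add("overlap")
            if min(overlap) < TCP_HEADER_MIN:
                findings.add("tcp-header-overlap")
        if units == 1:
            findings.add("fo1-tcp")  # RFC 1858: drop TCP fragments with offset 1
        covered |= span
    first, last = dst_port(fragments, "first"), dst_port(fragments, "last")
    if first != last:
        findings.add(f"dst-port-ambiguous first={first} last={last}")
    return sorted(findings)


# Constructed samples: one normal datagram, one whose second fragment rewrites bytes 0-7.
CLEAN = [(0, tcp_header(80)[:16]), (2, tcp_header(80)[16:] + b"data")]
OVERLAP = [(0, tcp_header(80)[:16]), (0, tcp_header(8080)[:8]), (2, tcp_header(80)[16:])]

if __name__ == "__main__":
    for name, frags in (("clean", CLEAN), ("overlap", OVERLAP)):
        print(name, check_datagram(frags))
```

When evaluating an IDP, the useful result is whether the device reports or normalizes such a datagram rather than classifying it by only one of the two possible ports.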


