Full Disclosure mailing list archives
Re: Pentesting an IDP-System
From: H D Moore <fdlist () digitaloffense net>
Date: Sat, 29 May 2004 14:47:33 -0500
On Saturday 29 May 2004 06:03, ph03n1x wrote:
Do you guys have an idea how I could test it more efficiently, is there some software that automatically tries to attack with a bunch of the most common and new exploits so I don't have to do it manually? Preferably some GPL or other "free" stuff since I don't have a budget for this.
Check out the Metasploit Framework, it was designed with IDS testing in mind. There is an environment option that you can set from the console that forces all "nop" instructions to be randomized; you may want to try setting this and see if the attack is detected at all :) [1]

The Framework is available from:
http://metasploit.com/projects/Framework/

Version 2.0 is the latest public release. If you read through the Crash Course PDF on the documentation page, it will describe how to configure random nop sleds, as well as how the system works in general. The 2.0 release includes about twenty exploits; updated and new modules are sent out to the Framework mailing list.

If you have any questions about using the Framework, or the general development status, drop us a message at msfdef[at]metasploit.com.

-HD

1. Something you may want to keep in mind is that intrusion detection systems which follow a first-exit methodology (Snort, etc) will normally report only one event for a given attack. If the "nops" rule matches before the exploit rule, that would be the only event reported. The Snort team has added something called "event queueing" in the 2.1.3/2.2 version (currently in CVS), that allows much better control over which types of events override each other. Some day we may post our paper on bypassing every single signature with event masking...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
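
The first-exit behaviour described in the footnote, as an added example that is not part of the original post and is not Snort's code: a simplified model in which substring patterns stand in for rules, showing which alert an analyst sees under first-exit reporting versus a priority-ordered event queue. The rule ids, messages, payloads and the `max_queue`/`log` parameter names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sid: int        # constructed signature id
    msg: str
    pattern: bytes  # plain substring match stands in for real rule options
    priority: int   # 1 = most severe

# Constructed rule set, listed in evaluation order (generic rule first).
RULES = [
    Rule(1000001, "generic NOP sled", b"\x90" * 8, 3),
    Rule(1000002, "example service overflow attempt", b"EXAMPLE-CMD ", 1),
]

def matching(payload, rules=RULES):
    """All rules whose pattern occurs in the payload, in evaluation order."""
    return [r for r in rules if r.pattern in payload]

def first_exit(payload, rules=RULES):
    """Stop at the first matching rule: at most one event per packet."""
    return matching(payload, rules)[:1]

def event_queue(payload, rules=RULES, max_queue=8, log=3):
    """Queue up to max_queue matches, then report the `log` most severe."""
    queued = matching(payload, rules)[:max_queue]
    return sorted(queued, key=lambda r: r.priority)[:log]

def masked(payload, rules=RULES):
    """Rules that matched but that first-exit reporting never surfaced."""
    return matching(payload, rules)[1:]

# Constructed, harmless payloads: a command marker plus filler bytes.
WITH_SLED = b"EXAMPLE-CMD " + b"\x90" * 32 + b"A" * 16
NO_SLED = b"EXAMPLE-CMD " + bytes(range(0x40, 0x60)) + b"A" * 16

if __name__ == "__main__":
    for name, p in (("with sled", WITH_SLED), ("no sled", NO_SLED)):
        print(name)
        print("  first-exit :", [r.msg for r in first_exit(p)])
        print("  event queue:", [r.msg for r in event_queue(p)])
        print("  masked     :", [r.msg for r in masked(p)])
```

Running `masked()` over recorded traffic or test payloads is a quick way to audit a rule set for specific signatures that a generic, lower-priority rule is hiding.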