Honeypots mailing list archives
Honeypot / Nessus help
From: "Jeremy Hyland" <hylandj () u washington edu>
Date: Fri, 24 Sep 2004 19:29:19 -0700
Nessus has got to be the best network vulnerability scanner available, but you need to remember it was never designed to be a stealth tool. Most of its attacks and scans are really in your face - like smacking your server with a baseball bat. Your IDS would have to be really, really bad to miss it. However there are some IDS evasion features you can turn on: http://www.nessus.org/doc/nids.html I'd suggest some creative netcat, hping, and nmap work to determine how good that IDS really is. -Jeremy On Fri, 24 Sep 2004 12:09:56 -0700, Robert McMahon <bob () intoto com> wrote:
Hi,
I'm trying to evaluate an Intrusion Detection/Prevention product which
advertises support for thousands of signatures.
I'm thinking of using Nessus and a honeypot to exercise the product.
I'm new to the tools/technology and was wondering if anybody has opinions
on if these are the right tools? Also, should I use honeyd or some
other honeypot? (My initial look at honeyd suggests it is a bit
premature, but like I said, I'm a newbie.)
Thanks in advance for any help and tips,
Bob McMahon
Application Engineer
Intoto Inc.
bob () intoto com
Current thread:
- Honeypot / Nessus help Robert McMahon (Sep 24)
- <Possible follow-ups>
- RE: Honeypot / Nessus help Joshua Berry (Sep 24)
- Re: Honeypot / Nessus help Valdis . Kletnieks (Sep 24)
- Honeypot / Nessus help Jeremy Hyland (Sep 24)
- RE: Honeypot / Nessus help Polazzo Justin (Sep 27)