Penetration Testing mailing list archives
Re: [PEN-TEST] IDS identification and a personal cry for help :)
From: Bill Pennington <billp () SUBDIMENSION COM>
Date: Mon, 21 Aug 2000 21:41:02 -0700
Yes this is why I stated a "hyperactive" NID at work (or maybe a hyperactive admin ). Unfortunately I have run into a lot more of these lately as people seem to think it is a cool thing to do. Until I shun them from there next hop:-) ----- Original Message ----- From: Talisker <Talisker () NETWORKINTRUSION CO UK> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Saturday, August 19, 2000 11:12 AM Subject: Re: IDS identification and a personal cry for help :)
Bill - Comment belowOne way to detect a NIDS is to launch attacks and see if you are then shunned from the network. This is a good indication that a hyperactive
NID
is at work. Also if your connection gets reset when you attempt an
exploit
that is another tip-off. As far as fingerprinting goes, if you where knowledgeable about default rulesets you might be able to determine a
NID
byits reactions, or lack of action, to certain attacks.I think think you'll find that most IDS have the auto response facility turned off Andy www.networkintrusion.co.uk ''' (0 0) ----oOO----(_)---------- | The geek shall | | Inherit the earth | -----------------oOO---- |__|__| || || ooO Ooo
Current thread:
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Domenico De Vitto (Aug 21)
- <Possible follow-ups>
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Dragos Ruiu (Aug 21)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Dragos Ruiu (Aug 21)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Talisker (Aug 21)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Bill Pennington (Aug 22)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Pedro Quintanilha (Aug 23)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Bill Pennington (Aug 22)