Re: [PEN-TEST] IDS identification and a personal cry for help :)

[Bill Pennington <billp () SUBDIMENSION COM>]

Yes this is why I stated a "hyperactive" NID at work (or maybe a hyperactive
admin ). Unfortunately I have run into a lot more of these lately as people
seem to think it is a cool thing to do. Until I shun them from there next
hop:-)


----- Original Message -----
From: Talisker <Talisker () NETWORKINTRUSION CO UK>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Saturday, August 19, 2000 11:12 AM
Subject: Re: IDS identification and a personal cry for help :)


> Bill  - Comment below
>
>
> > One way to detect a NIDS is to launch attacks and see if you are then
> > shunned from the network. This is a good indication that a hyperactive
NID
> > is at work. Also if your connection gets reset when you attempt an
exploit
> > that is another tip-off. As far as fingerprinting goes, if you where
> > knowledgeable about default rulesets you might be able to determine a
NID
> by
> > its reactions, or lack of action, to certain attacks.
>
> I think think you'll find that most IDS have the auto response facility
> turned off
>
> Andy
> www.networkintrusion.co.uk
>                     '''
>                  (0 0)
>   ----oOO----(_)----------
>   | The geek shall        |
>   |  Inherit the earth     |
>   -----------------oOO----
>                |__|__|
>                   || ||
>               ooO Ooo