Penetration Testing mailing list archives
Re: [PEN-TEST] IDS identification and a personal cry for help :)
From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Sat, 19 Aug 2000 19:12:09 +0100
Bill - Comment below
One way to detect a NIDS is to launch attacks and see if you are then shunned from the network. This is a good indication that a hyperactive NID is at work. Also if your connection gets reset when you attempt an exploit that is another tip-off. As far as fingerprinting goes, if you where knowledgeable about default rulesets you might be able to determine a NID
by
its reactions, or lack of action, to certain attacks.
I think think you'll find that most IDS have the auto response facility
turned off
Andy
www.networkintrusion.co.uk
'''
(0 0)
----oOO----(_)----------
| The geek shall |
| Inherit the earth |
-----------------oOO----
|__|__|
|| ||
ooO Ooo
Current thread:
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Domenico De Vitto (Aug 21)
- <Possible follow-ups>
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Dragos Ruiu (Aug 21)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Dragos Ruiu (Aug 21)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Talisker (Aug 21)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Bill Pennington (Aug 22)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Pedro Quintanilha (Aug 23)
- Re: [PEN-TEST] IDS identification and a personal cry for help :) Bill Pennington (Aug 22)