Penetration Testing mailing list archives
RE: Triggering IDS
From: "chewy" <chewy () pandora be>
Date: Thu, 16 Mar 2006 07:26:03 +0100
Hi Adam,

A DNS version query is what we use to trigger NIDS sensors. It does not matter whether the destination responds yes or no, since it's UDP and the trigger is the query. This can be performed against any host, no matter if the host has UDP 53 in listening state or not.

If you have a lot of NIDS sensors then port scanning might be noisy. Also this might not work against a firewalled host. The same counts for the DNS query.

Another option, and the most preferred one, is writing your own signature. I prefer UDP or another stateless protocol to avoid real session creation.

I am not 100% certain, but I do not think there is a real industry standard packet for this.

Gr,
David

-----Original Message-----
From: AdamT [mailto:adwulf () gmail com]
Sent: Wednesday 15 March 2006 16:09
To: pen-test () securityfocus com
Subject: Triggering IDS

Dear all,

Y'know how there's the EICAR anti virus test file, which lets you see if your anti-virus is working, well, I was wondering if there was something similar to let you see what happens when your IDS triggers?

Should I just send a lot of NOPs in a TCP session, or make obvious port scans, or is there some kind of 'industry standard' way to deliberately trigger IDS alarms?

--
AdamT
'Thank-you for not requesting read receipts'

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------
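The sensor check described in the reply above, as an added example that is not part of the original message: it builds the single UDP datagram and shows the match a custom signature would make on the query alone. It assumes the "DNS version query" is the conventional version.bind CHAOS TXT lookup; all function names are illustrative.

```python
import socket
import struct

QTYPE_TXT, QCLASS_CHAOS = 16, 3   # RFC 1035 type and class codes
PROBE_NAME = "version.bind"       # assumed name behind "DNS version query"

def build_version_query(txid=0x1D5):
    """Build one standard query: version.bind, class CHAOS, type TXT."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii")
                     for lab in PROBE_NAME.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_TXT, QCLASS_CHAOS)

def parse_question(payload):
    """Return (qname, qtype, qclass) of the first question, else None."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:        # skip responses and empty queries
        return None
    labels, pos = [], 12
    while pos < len(payload):
        n = payload[pos]
        pos += 1
        if n == 0:                           # root label ends the name
            if pos + 4 > len(payload):
                return None
            qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
            return ".".join(labels), qtype, qclass
        if n > 63 or pos + n > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos:pos + n].decode("ascii", "replace").lower())
        pos += n
    return None

def is_version_probe(payload):
    """Sensor-side check: the query alone is the trigger, no reply needed."""
    return parse_question(payload) == (PROBE_NAME, QTYPE_TXT, QCLASS_CHAOS)

def send_probe(host, port=53):
    """Send the datagram once to a host you monitor; no reply is awaited."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_version_query(), (host, port))

if __name__ == "__main__":
    print(is_version_probe(build_version_query()))
```

Because the match is made on the question section only, the alert fires whether or not anything listens on UDP 53, which is the property the reply relies on.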
Current thread:
- Triggering IDS AdamT (Mar 15)
- RE: Triggering IDS chewy (Mar 16)
- Re: Triggering IDS Ivan . (Mar 16)
- Re: Triggering IDS Christine Kronberg (Mar 16)
- Re: Triggering IDS Andres Riancho (Mar 16)
- Re: Triggering IDS Jean-Philippe Luiggi (Mar 16)
- <Possible follow-ups>
- Re: Triggering IDS bart (Mar 16)
- Re: Re: Triggering IDS bwallace (Mar 18)