Penetration Testing mailing list archives

Scanning through an IPS


From: jond <x () jond com>
Date: Tue, 23 Sep 2008 14:28:43 -0400

I'm wondering what techniques everyone else uses when you know for a
fact you're scanning a client who has an Intrusion Prevention System.

As far as determining which IPs and ports are open:
I know with nmap you can do a SYN scan (by default), which is a little
stealthy, and you can slow it down to make it a little more stealthy. Is
there a better way?

As far as determining if software on said ports is vulnerable:
I'm assuming the only stealthy way is to use netcat or telnet and
manually grab the banner, and look up what I find?
Something like Nessus, I'm assuming, is impossible to make stealthy?





Thanks in advance,
Jon

