Snort mailing list archives
FW: Nessus news letter #1--Snort does well
From: Steve Halligan <agent33 () geeksquad com>
Date: Mon, 25 Feb 2002 09:46:00 -0600
I did lots of cutting, but read below for the gist of it. The entire post can be seen at: http://msgs.securepoint.com/cgi-bin/get/nessus-0202/100.html
2. Nessus 1.1.13 is out / New features in the 1.1.x tree

Nessus 1.1.13 has been released! Among the new features, we have:

- NIDS evasion functions for TCP and HTTP. See section 3 about these;
- Simpler nmap_wrapper plug-in: nmap shall now be in $PATH when nessusd is started.

3. A closer look at Nessus NIDS evasion features

It came to our attention that Nessus was used more than often to test for the quality of a NIDS. A lot of people install a NIDS, install Nessus, scan a target and see if the NIDS is full of logs. Nessus was not designed to be stealth, meaning that however poor your NIDS is, there will be at least two pages of red alerts telling you it's the end of the world. So in order to really test the quality of NIDS, we've decided to implement common NIDS attacks, not in order to be stealth, but in order to stress NIDSes a little more than what is done today.

3.2. Results

We did limited testing of this feature - The Snort NIDS is remarkably robust in front of those nasty features, and it turns out they make Nessus even noisier ;) (version tested: 1.8.3 - www.snort.org)

OTOH, due to lack of TCP stream reassembly, Prelude fails for these (and will detect a tcp slicing attack when short packets are going to port 80). (version tested: 0.4.2 - www.prelude-ids.org)

If you stress NIDSes with these features, report us your results!
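The newsletter's remark about TCP stream reassembly, as an added example that is not part of the original post and is not code from Snort, Nessus or Prelude: it compares per-packet signature matching with matching on the reassembled stream, plus a short-segment heuristic of the kind the newsletter attributes to Prelude. The signature, request, sequence numbers, thresholds and function names are constructed for illustration, and the overlap policy (bytes already placed are kept) is an assumption.

```python
# Constructed sample data: signature, request and sequence numbers are made up.
SIGNATURE = b"/cgi-bin/test-cgi"
REQUEST = b"GET /cgi-bin/test-cgi HTTP/1.0\r\n\r\n"
ISN = 1000  # assumed sequence number of the first data byte

def slice_segments(data, size):
    """Build constructed (seq, payload) TCP data segments of `size` bytes."""
    return [(ISN + i, data[i:i + size]) for i in range(0, len(data), size)]

def per_packet_match(segments, sig=SIGNATURE):
    """Sensor without stream reassembly: every payload is inspected alone."""
    return any(sig in payload for _, payload in segments)

def reassemble(segments):
    """Rebuild the contiguous byte stream from (seq, payload) pairs.

    Segments may arrive out of order or overlap (retransmissions).
    Assumed policy: bytes already placed are kept, later copies are dropped.
    """
    stream = bytearray()
    for seq, payload in sorted(segments):
        offset = seq - ISN
        if offset > len(stream):
            break  # gap in the stream: nothing beyond it is contiguous yet
        stream += payload[len(stream) - offset:]  # append only unseen bytes
    return bytes(stream)

def stream_match(segments, sig=SIGNATURE):
    """Sensor with stream reassembly: the signature is matched on the stream."""
    return sig in reassemble(segments)

def short_segment_alert(segments, min_len=8, threshold=3):
    """Heuristic: several tiny data segments in one flow to a web port."""
    tiny = sum(1 for _, payload in segments if 0 < len(payload) < min_len)
    return tiny >= threshold

if __name__ == "__main__":
    normal = slice_segments(REQUEST, 1460)      # fits in one segment
    sliced = slice_segments(REQUEST, 4)[::-1]   # tiny segments, out of order
    for name, segs in (("normal", normal), ("sliced", sliced)):
        print(name, "per-packet:", per_packet_match(segs),
              "reassembled:", stream_match(segs),
              "short-segment alert:", short_segment_alert(segs))
```
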