|
Penetration Testing
mailing list archives
Re: [PEN-TEST] IDS identification and a personal cry for help :)
From: Bill Pennington <billp () SUBDIMENSION COM>
Date: Mon, 21 Aug 2000 21:41:02 -0700
Yes this is why I stated a "hyperactive" NID at work (or maybe a hyperactive
admin ). Unfortunately I have run into a lot more of these lately as people
seem to think it is a cool thing to do. Until I shun them from there next
hop:-)
----- Original Message -----
From: Talisker <Talisker () NETWORKINTRUSION CO UK>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Saturday, August 19, 2000 11:12 AM
Subject: Re: IDS identification and a personal cry for help :)
Bill - Comment below
One way to detect a NIDS is to launch attacks and see if you are then
shunned from the network. This is a good indication that a hyperactive
NID
is at work. Also if your connection gets reset when you attempt an
exploit
that is another tip-off. As far as fingerprinting goes, if you where
knowledgeable about default rulesets you might be able to determine a
NID
by
its reactions, or lack of action, to certain attacks.
I think think you'll find that most IDS have the auto response facility
turned off
Andy
www.networkintrusion.co.uk
'''
(0 0)
----oOO----(_)----------
| The geek shall |
| Inherit the earth |
-----------------oOO----
|__|__|
|| ||
ooO Ooo
 By Date 
By Thread
Current thread:
|
Intro
