Penetration Testing
mailing list archives
Re: [PEN-TEST] IDS identification and a personal cry for help :)
From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Sat, 19 Aug 2000 19:12:09 +0100
Bill - Comment below
One way to detect a NIDS is to launch attacks and see if you are then
shunned from the network. This is a good indication that a hyperactive NID
is at work. Also if your connection gets reset when you attempt an exploit
that is another tip-off. As far as fingerprinting goes, if you were
knowledgeable about default rulesets you might be able to determine a NID
by its reactions, or lack of action, to certain attacks.
I think you'll find that most IDS have the auto response facility
turned off
Andy
www.networkintrusion.co.uk
'''
(0 0)
----oOO----(_)----------
| The geek shall |
| Inherit the earth |
-----------------oOO----
|__|__|
|| ||
ooO Ooo