Penetration Testing: Re: IDS evasion && testing

Re: IDS evasion && testing

From: Dario N. Ciccarone <dciccaro_at_cisco.com>
Date: Mon, 08 Apr 2002 23:45:29 -0300

http://www.hsc-labs.com/ressources/outils/idswakeup/index.html.en

At 10:28 AM 4/8/2002 +0200, Renaud Deraison wrote:
>On Sun, Apr 07, 2002 at 12:29:12PM -0400, Osborne-1, Brett wrote:
>> There are some tools out on this - "stick" is probably the best known.
>> I think Doug Song has some tools in this area - his site is on monkey.org
>
>Nessus 1.1.14 also implements some IDS evasion techniques described in
>Newsham's and Ptacek's paper. The neat thing is that it applies them to
>every Nessus check (on any TCP port). So you can test an IDS by doing a
>scan with IDS evasion off, then re-do the scan with IDS evasion on, and
>compare the results (which is quite interesting, because Nessus usually
>generates a _lot_ of signatures).
>
>For more details, see http://www.nessus.org/doc/nids.html
>
>
> -- Renaud
>--
>Renaud Deraison
>The Nessus Project
>http://www.nessus.org
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/

=================================================================================================
Cisco SAFE - A Security Blueprint for Enterprise Networks
SAFE for Enterprise, SMB, IPSec VPNs, Wireless and IP Telephony
www.cisco.com/go/safe
=================================================================================================
Disclaimer:
These are my own personal opinions and not necessarily those of Cisco Systems.

Sed quis custodiet ipsos custodes?

Dario N. Ciccarone

Cisco Systems
Argentina, Paraguay, Uruguay y Bolivia
Ing. Enrique Butty 240 Piso 17
C1001ABF, Buenos Aires , Argentina
Phone/Vmail: 54-11-4341-0203
Fax: 54-11-4341-0149
dciccaro_at_cisco.com

Received on Apr 09 2002
