Re: [Full-Disclosure] Pentesting an IDP-System

From: Dave King (davedf_at_davewking.com)
Date: 05/29/04

  • Next message: Aycan iRiCAN: "[Full-Disclosure] Re: EnderUNIX Security Anouncement (Isoqlog and Spamguard)"
    To: full-disclosure@lists.netsys.com
    Date: Sat, 29 May 2004 14:47:59 -0600

    You might try nessus (http://www.nessus.org) and turn on all the
    dangerous plugins and turn safe checks off. It also has some detection
    evasion stuff. Good luck.

    p.s. Marcin asked what to pentest means. It's just a slang term for
    penetration test.

    Dave King
    http://www.thesecure.net

    H D Moore wrote:

    >On Saturday 29 May 2004 06:03, ph03n1x wrote:
    >
    >
    >>Do you guys have an idea how I could test it more efficiently? Is there
    >>some software that automatically tries to attack with a bunch of the
    >>most common and new exploits so I don't have to do it manually?
    >>Preferably some GPL or other "free" stuff since I don't have a budget
    >>for this.
    >>
    >>
    >
    >Check out the Metasploit Framework, it was designed with IDS testing in
    >mind. There is an environment option that you can set from the console
    >that forces all "nop" instructions to be randomized; you may want to try
    >setting this and see if the attack is detected at all :) [1]
    >
    >The Framework is available from:
    > http://metasploit.com/projects/Framework/
    >
    >Version 2.0 is the latest public release. If you read through the Crash
    >Course PDF on the documentation page, it will describe how to configure
    >random nop sleds, as well as how the system works in general. The 2.0
    >release includes about twenty exploits; updated and new modules are sent
    >out to the Framework mailing list. If you have any questions about using
    >the Framework, or the general development status, drop us a message
    >at msfdef[at]metasploit.com.
    >
    >-HD
    >
    >1. Something you may want to keep in mind is that intrusion detection
    >systems which follow a first-exit methodology (Snort, etc) will normally
    >report only one event for a given attack. If the "nops" rule matches
    >before the exploit rule, that would be the only event reported. The Snort
    >team has added something called "event queueing" in the 2.1.3/2.2 version
    >(currently in CVS), that allows much better control over which types of
    >events override each other. Some day we may post our paper on bypassing
    >every single signature with event masking...
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
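The footnote in HD Moore's quoted message contrasts two alerting policies: a first-exit engine stops at the first rule that matches and reports only that event, so a low-priority NOP-sled signature can shadow the exploit signature behind it, while an event queue keeps every match and chooses what to log by an explicit ordering. The simulation below is an added example written for this archive page; it is not code from Snort, Metasploit, or any poster, and its rules, payloads, SIDs and priorities are constructed for illustration only.

```python
"""Simulate first-exit alerting versus a priority-ordered event queue.

Constructed example: the two rules, their SIDs and priorities, and the
sample payloads are made up to illustrate the footnote's point. They are
not real Snort rules and the "exploit" payload is just a marker string.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    sid: int
    msg: str
    pattern: bytes
    priority: int  # 1 = most severe, mirroring a rule's priority keyword


# Constructed rule set, deliberately ordered with the generic NOP rule first,
# which is the situation the footnote warns about.
RULES = [
    Rule(1000001, "SHELLCODE x86 NOOP", b"\x90" * 8, priority=3),
    Rule(1000002, "EXPLOIT hypothetical service overflow",
         b"EXPLOIT-MARKER", priority=1),
]

# Constructed payloads. The first carries a classic 0x90 sled; the second
# stands in for a randomized sled that no longer contains a 0x90 run.
CLASSIC_PAYLOAD = b"\x90" * 16 + b"EXPLOIT-MARKER"
RANDOMIZED_PAYLOAD = b"\x41\x42\x43\x44\x45\x46\x47\x48" * 2 + b"EXPLOIT-MARKER"


def match_rules(payload: bytes, rules=RULES):
    """Return every rule whose content pattern occurs in the payload."""
    return [r for r in rules if r.pattern in payload]


def first_exit(payload: bytes, rules=RULES):
    """First-exit policy: stop at the first matching rule, report only it."""
    for r in rules:
        if r.pattern in payload:
            return [r]
    return []


def event_queue(payload: bytes, rules=RULES, log=1):
    """Event-queue policy: collect all matches, order by severity (then by
    longest matched content as a tie-breaker) and log the top `log` events."""
    matches = match_rules(payload, rules)
    matches.sort(key=lambda r: (r.priority, -len(r.pattern)))
    return matches[:log]


def sids(events):
    """Convenience: reduce a list of reported rules to their SIDs."""
    return [r.sid for r in events]


if __name__ == "__main__":
    for name, payload in (("classic sled", CLASSIC_PAYLOAD),
                          ("randomized sled", RANDOMIZED_PAYLOAD)):
        print(name)
        print("  first-exit  :", [r.msg for r in first_exit(payload)])
        print("  event queue :", [r.msg for r in event_queue(payload)])
```

Running it shows the classic sled producing only the NOOP alert under first-exit while the event queue surfaces the exploit signature, and the randomized sled producing the exploit alert under both policies because the NOP rule never fires. The defensive lesson is the one implicit in the footnote: do not let a generic, low-priority signature be the only thing standing between an attack and an alert, and prefer an engine mode that orders events by severity rather than by match order (Snort's later event_queue configuration, which the footnote refers to, is the real-world knob this toy models).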

