Re: detecting "intrusion detection"
barcajax_at_gmail.com
Date: 10/06/05
- Previous message: David Glosser: "Re: HIDS solution for NT4 machines"
- Maybe in reply to: sumit.siddharth_at_gmail.com: "detecting "intrusion detection""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 6 Oct 2005 02:36:05 -0000 To: focus-ids@securityfocus.com('binary' encoding is not supported, stored as-is) The monitoring interfaces on IDSs are running promiscuously so pinging or scanning them won't work. You have to look for promiscuous interfaces in the network but finding the existence of them does not necessarily confirm the presence of an IDS. It could be some other device that also has its interface in promiscuous mode.
Alternatively, you might want to try discovering the management interface of the IDS. This however might be difficult as some deployments have their management interfaces in a separate isolated management segment that might not have Internet access. Even if you do have access to the management segment, you need to know the port numbers used by every single IDS vendor out there in the market to correctly guess which IDS product is present.
barcajax
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Previous message: David Glosser: "Re: HIDS solution for NT4 machines"
- Maybe in reply to: sumit.siddharth_at_gmail.com: "detecting "intrusion detection""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
