RE: IDS evasion && testing

From: Osborne-1, Brett (Brett.Osborne-1@ksc.nasa.gov)
Date: 04/07/02

Previous message: Marco de Vivo [UCV]: "Re: IDS evasion && testing"
Maybe in reply to: ph00dy: "IDS evasion && testing"
Next in thread: Renaud Deraison: "Re: IDS evasion && testing"
Reply: Renaud Deraison: "Re: IDS evasion && testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Osborne-1, Brett" <Brett.Osborne-1@ksc.nasa.gov>
To: 'ph00dy ' <ph00dy@covesoft.net>, "'pen-test@securityfocus.com '" <pen-test@securityfocus.com>
Date: Sun, 7 Apr 2002 12:29:12 -0400

There is a lot of information available. The "Hacking Exposed" series probably goes over this somewhat. Also look for works from Ed Skoudis and Eric Cole (they have a couple books, which I forget despite a week with Ed in 'hacker training' here at SANS Orlando).

You can also find links at
sans.org
securityfocus.com
searcsecurity.com

There are some tools out on this - "stick" is probably the best known. I think Doug Song has some tools in this area - his site is on monkey.org

After some sleep, I should be able to walk you through some stuff.

Brett

-----Original Message-----
From: ph00dy
To: pen-test@securityfocus.com
Sent: 4/4/02 5:22 PM
Subject: IDS evasion && testing

Hey *,
I am looking for good information on defeating/testing NIDS. I have
tryed some "alert overflowing", and sending some attacks/scans very
slowly
to see what the results are, but I imagine there is someone who has done
more of this sort of testing that knows something I don't. Any
experience,
Ideas, papers etc.. would be helpful.

Thanks..
ph00dy

------------------------------------------------------------------------

---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

Previous message: Marco de Vivo [UCV]: "Re: IDS evasion && testing"
Maybe in reply to: ph00dy: "IDS evasion && testing"
Next in thread: Renaud Deraison: "Re: IDS evasion && testing"
Reply: Renaud Deraison: "Re: IDS evasion && testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: (citrix testing)
... For more information on SecurityFocus' SIA service which ... >- This list is provided by the SecurityFocus Security Intelligence Alert ... > automatically alerts you to the latest security vulnerabilities please ...
(Pen-Test)
Re: Buffer Overflow Help
... >>> This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... >>> automatically alerts you to the latest security vulnerabilities please ...
(Pen-Test)
Re: faster scans? (nmap)
... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
Re: IIS HTR Exploit ?
... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ... automatically alerts you to the latest security vulnerabilities please see: ...
(Pen-Test)
Re: Need Novell vuln. scanner ASAP!
... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... > automatically alerts you to the latest security vulnerabilities please see: ...
(Pen-Test)