Re: IDS evasion && testing

From: Renaud Deraison (deraison@nessus.org)
Date: 04/08/02

Previous message: Osborne-1, Brett: "RE: IDS evasion && testing"
In reply to: Osborne-1, Brett: "RE: IDS evasion && testing"
Next in thread: Dario N. Ciccarone: "Re: IDS evasion && testing"
Next in thread: Bojan Zdrnja: "RE: IDS evasion && testing"
Reply: Dario N. Ciccarone: "Re: IDS evasion && testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 8 Apr 2002 10:28:18 +0200
From: Renaud Deraison <deraison@nessus.org>
To: pen-test@securityfocus.com

On Sun, Apr 07, 2002 at 12:29:12PM -0400, Osborne-1, Brett wrote:
> There are some tools out on this - "stick" is probably the best known.
> I think Doug Song has some tools in this area - his site is on monkey.org

Nessus 1.1.14 also implements some IDS evasion techniques described in
Newsham's and Ptacek's paper. The neat thing is that it applies them to
every Nessus check (on any TCP port). So you can test an IDS by doing a
scan with IDS evasion off, then re-do the scan with IDS evasion on, and
compare the results (which is quite interesting, because Nessus usually
generates a _lot_ of signatures).

For more details, see http://www.nessus.org/doc/nids.html

-- Renaud

-- Renaud Deraison The Nessus Project http://www.nessus.org

---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

Previous message: Osborne-1, Brett: "RE: IDS evasion && testing"
In reply to: Osborne-1, Brett: "RE: IDS evasion && testing"
Next in thread: Dario N. Ciccarone: "Re: IDS evasion && testing"
Next in thread: Bojan Zdrnja: "RE: IDS evasion && testing"
Reply: Dario N. Ciccarone: "Re: IDS evasion && testing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IDS evasion && testing
... >every Nessus check. ... >scan with IDS evasion off, then re-do the scan with IDS evasion on, and ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
(Pen-Test)
RE: SNMP False Positives
... >> false positives from Nessus, Retina, and verified with SNMPing. ... > I have noticed similar responses from our HP-UX boxes. ... it should return which of the default community strings it was ... This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
SecurityFocus new article announcements
... The following articles have been published on SecurityFocus: ... Nessus, Part 3: Analysing Reports ... This article, the last in the series about Nessus, will endeavor to ...
(Security-Basics)