Evading IDS?
From: Mark G. Spencer (mspencer_at_evidentdata.com)
Date: 03/18/04
- Previous message: Serg B.: "how to alert company of security hole"
- Next in thread: Matt Foster: "RE: Evading IDS?"
- Reply: Matt Foster: "RE: Evading IDS?"
- Reply: Al Smolkin: "Re: Evading IDS?"
- Maybe reply: Golomb, Gary: "RE: Evading IDS?"
- Maybe reply: Billy Dodson: "RE: Evading IDS?"
- Reply: Jerry Shenk: "RE: Evading IDS?"
- Maybe reply: Mark G. Spencer: "RE: Evading IDS?"
- Maybe reply: Levinson, Karl: "RE: Evading IDS?"
- Reply: Antonio Varni: "Re: Evading IDS?"
- Maybe reply: Eric McCarty: "RE: Evading IDS?"
- Maybe reply: Billy Dodson: "RE: Evading IDS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <pen-test@securityfocus.com> Date: Thu, 18 Mar 2004 10:55:52 -0800
I've come across what I assume is an IDS during some network reconnaissance.
I am able to run nmap (connect scan, default ports) against the entire
target class C in question without any problems, but when I run Nikto
against any of the webservers, Nikto output dies just after the trace/track
method information and I am then unable to access anything on the target
class C for a set period of time - at least fifteen minutes.
If I move to a different netblock, I can access the target class C again ..
well, until I run Nikto. ;)
It looks like all the routing and VPN gear on the target class C is Cisco
based, so I'll make an assumption for now that the IDS is also Cisco.
Any advice on how to evade the IDS? I know Nessus and Nikto offer a variety
of IDS evasion techniques, but am I correct in assuming that a vendor such
as Cisco (or any large vendor) has taken well-known evasion techniques into
account? I will try different combinations of evasion techniques today and
hopefully won't run out of open class C IP addresses on my network as I
continue getting 15min+ blacklisted.
Thanks for the advice,
Mark
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
- Previous message: Serg B.: "how to alert company of security hole"
- Next in thread: Matt Foster: "RE: Evading IDS?"
- Reply: Matt Foster: "RE: Evading IDS?"
- Reply: Al Smolkin: "Re: Evading IDS?"
- Maybe reply: Golomb, Gary: "RE: Evading IDS?"
- Maybe reply: Billy Dodson: "RE: Evading IDS?"
- Reply: Jerry Shenk: "RE: Evading IDS?"
- Maybe reply: Mark G. Spencer: "RE: Evading IDS?"
- Maybe reply: Levinson, Karl: "RE: Evading IDS?"
- Reply: Antonio Varni: "Re: Evading IDS?"
- Maybe reply: Eric McCarty: "RE: Evading IDS?"
- Maybe reply: Billy Dodson: "RE: Evading IDS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
