RE: Triggering IDS



Hi Adam,

A DNS version query is what we use to trigger NIDS sensors.
It does not matter whether the destination responds or not, since it's
UDP and the trigger is the query. This can be performed against any host,
no matter whether the host has UDP 53 in listening state or not.
If you have a lot of NIDS sensors then port scanning might be noisy.
Also this might not work against a firewalled host.
The same goes for the DNS query.
Another option, and the most preferred one, is writing your own signature.
I prefer UDP or another stateless protocol to avoid real session
creation.
I'm not 100% certain, but I do not think there is a real industry standard
packet for this.

Regards,
David

-----Original Message-----
From: AdamT [mailto:adwulf@xxxxxxxxx]
Sent: Wednesday, 15 March 2006 16:09
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Triggering IDS

Dear all,

Y'know how there's the EICAR anti-virus test file, which lets you see
if your anti-virus is working? Well, I was wondering if there was
something similar to let you see what happens when your IDS triggers.

Should I just send a lot of NOPs in a TCP session, or make obvious
port scans, or is there some kind of 'industry standard' way to
deliberately trigger IDS alarms?

--
AdamT
'Thank-you for not requesting read receipts'

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@xxxxxxxxxx
------------------------------------------------------------------------------
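Added example, not part of the thread: the "DNS version query" David describes is a TXT query for version.bind in class CHAOS, and his preferred approach is a custom signature. The block below builds that query in RFC 1035 wire format and implements the matching check a hand-written signature would perform, so a sensor's rule can be validated offline against the exact bytes; the Snort-style rule in the comment is constructed here and is not a shipped rule.

```python
import struct

# Added example, not from the thread: the "version.bind" query in class CHAOS,
# type TXT, is the DNS version query discussed above. Most sensors ship a
# signature for it, so it is a convenient benign trigger for checking a NIDS.
# A hand-written Snort-style signature for the same bytes (constructed here):
#   alert udp any any -> any 53 (msg:"TEST version.bind CH TXT query";
#     content:"|07|version|04|bind|00 00 10 00 03|"; offset:12; nocase;
#     sid:1000001; rev:1;)

QTYPE_TXT, QCLASS_CHAOS = 16, 3

def encode_name(name: str) -> bytes:
    """Dotted name -> DNS labels (length-prefixed, terminated by a zero byte)."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_version_query(txid: int = 0x1234) -> bytes:
    """UDP payload of a version.bind CH TXT query in RFC 1035 wire format."""
    # id, flags 0x0100 (standard query, RD set), qdcount=1, an/ns/ar counts 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name("version.bind") + struct.pack("!HH", QTYPE_TXT, QCLASS_CHAOS)

def decode_name(buf: bytes, off: int):
    """Decode one uncompressed name; return (name, offset just past it)."""
    labels = []
    while True:
        length = buf[off]          # IndexError on a truncated packet
        off += 1
        if length == 0:
            return ".".join(labels), off
        if length & 0xC0:          # compression pointer: not valid in a query name
            raise ValueError("compressed name in question")
        labels.append(buf[off:off + length].decode("ascii"))
        off += length

def is_version_query(payload: bytes) -> bool:
    """Detection logic a custom signature would implement for this trigger."""
    if len(payload) < 12:
        return False
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:       # responses or odd packets never match
        return False
    try:
        name, off = decode_name(payload, 12)
        qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    except (IndexError, ValueError, UnicodeDecodeError, struct.error):
        return False
    return name.lower() == "version.bind" and (qtype, qclass) == (QTYPE_TXT, QCLASS_CHAOS)
```

The same 30-byte payload is what `dig version.bind txt chaos @<host>` emits, which is the usual way to fire it at a host on a monitored segment; the check above lets you confirm the signature matches the query and not the response.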