IDS mailing list archives
Re: how to verify whether an attack attempt is successful?
From: Huagang XIE <huagang () intruvert com>
Date: Wed, 15 Jan 2003 16:45:32 -0800
It depend on what kind of attack it is. For attack like Nimda, you need to check the HTTP response code and see if it return the interesting stuff. For DoS attack, you need to check if the server is crash which will not send back the response. For attacks which result into a root shell,
the way is to see if there is an interactive shell is runing.But it also depends on the false positive, you need to make sure an IDS system has a lower false positve to do all these checking.
Huagang Yan Zhai wrote:
Is there any technology developed in this direction?
Current thread:
- how to verify whether an attack attempt is successful? Yan Zhai (Jan 15)
- Re: how to verify whether an attack attempt is successful? Huagang XIE (Jan 16)
- Re: how to verify whether an attack attempt is successful? Jose Nazario (Jan 16)
- Re: how to verify whether an attack attempt is successful? Kurt Seifried (Jan 16)
- <Possible follow-ups>
- RE: how to verify whether an attack attempt is successful? detmar . liesen (Jan 17)
- RE: how to verify whether an attack attempt is successful? Ron Gula (Jan 20)
- Re: how to verify whether an attack attempt is successful? Scott Wimer (Jan 21)
- Re: how to verify whether an attack attempt is successful? Yan Zhai (Jan 19)