IDS mailing list archives
RE: NeVO Scan Application was RE: Cisco CTR
From: "Teicher, Mark (Mark)" <teicher () avaya com>
Date: Thu, 20 Nov 2003 12:49:58 -0700
Ron,

Didn't @Stake produce AntiSniff to detect passive type monitoring applications ??

/mark

-----Original Message-----
From: Ron Gula [mailto:rgula () tenablesecurity com]
Sent: Thursday, November 20, 2003 12:45 PM
To: Teicher, Mark (Mark); focus-ids () securityfocus com
Subject: Re: NeVO Scan Application was RE: Cisco CTR

Woah ... no-one should be able to detect NeVO or RNA (or a NIDS) just by sitting there. You need to do real complex things invoking timing and other checks to find hosts that are passively listening. Desktop agents like Sygate will see scans from Nessus, Nmap, pings, etc. but they will have a hard time detecting passive analysis of their network traffic.

Ron

At 12:27 PM 11/20/2003 -0700, Teicher, Mark (Mark) wrote:
> Ron,
>
> Interesting, another lightweight and inexpensive monitoring/scanning software ?? Wondering if the Enterprise/Desktop firewall products can detect NeVO scans as they can nmap scans. It will be very interesting to see how Desktop firewalls in the corporate environment stand up to NeVO scans.. Something to try in the lab against all those Enterprise/Desktop Firewall products.. :)
>
> /mark
>
> -----Original Message-----
> From: Ron Gula [mailto:rgula () tenablesecurity com]
> Sent: Thursday, November 20, 2003 7:38 AM
> To: focus-ids () securityfocus com
> Subject: Re: Cisco CTR
>
> At 04:54 AM 11/20/2003 -0700, Mark Teicher wrote:
> > Just curious on how NeVO compares to Intrusec Expose ??
>
> I have not seen Expose recently, but my thought was that it was a continuous low-volume active scan that could launch other vulnerability scanners when change was detected. NeVO does the same sort of thing, but passively through network packet/session monitoring. Besides looking for change in the network, it also looks for the vulnerability.
>
> NeVO needs to wait for a packet to be sent before it sees a host, port, client, server or vulnerability. If folks deploy NeVO with a Lightning Console, they can launch distributed Nessus scans if they see a system or a vulnerability data that they would like to follow up with an active scan.
>
> Ron Gula
> Tenable Network Security
> http://www.tenablesecurity.com