Penetration Testing mailing list archives
Re: IDS evasion && testing
From: Renaud Deraison <deraison () nessus org>
Date: Mon, 8 Apr 2002 10:28:18 +0200
On Sun, Apr 07, 2002 at 12:29:12PM -0400, Osborne-1, Brett wrote:
There are some tools out on this - "stick" is probably the best known. I think Doug Song has some tools in this area - his site is on monkey.org
Nessus 1.1.14 also implements some IDS evasion techniques described in Newsham's and Ptacek's paper. The neat thing is that it applies them to every Nessus check (on any TCP port). So you can test an IDS by doing a scan with IDS evasion off, then re-do the scan with IDS evasion on, and compare the results (which is quite interesting, because Nessus usually generates a _lot_ of signatures). For more details, see http://www.nessus.org/doc/nids.html -- Renaud -- Renaud Deraison The Nessus Project http://www.nessus.org ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- IDS evasion && testing ph00dy (Apr 06)
- Re: IDS evasion && testing Marco de Vivo [UCV] (Apr 07)
- RE: IDS evasion && testing Bojan Zdrnja (Apr 08)
- RE: IDS evasion && testing ET LoWNOISE (Apr 09)
- RE: IDS evasion && testing Martin Vine (Apr 09)
- <Possible follow-ups>
- RE: IDS evasion && testing Osborne-1, Brett (Apr 07)
- Re: IDS evasion && testing Renaud Deraison (Apr 08)
- Re: IDS evasion && testing Dario N. Ciccarone (Apr 09)
- Re: IDS evasion && testing Andrea Barisani (Apr 10)
- Re: IDS evasion && testing Renaud Deraison (Apr 08)
- RE: IDS evasion && testing Hornat, Charles (Apr 09)