Re: Firewall and IDS, (the second way).

From: Michel Arboi (arboiat_private)
Date: Sat Mar 16 2002 - 08:54:14 PST

Next message: zero: "Re: Buffer overflow in awk"

Previous message: Felipe Franciosi: "Re: [Re: Rather large MSIE-hole] another variant"
In reply to: sekureat_private: "Firewall and IDS, (the second way)."
Next in thread: Marco Ivaldi: "Re: Firewall and IDS, (the second way)."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 --- sekureat_private a écrit : 
> I'm "walking" by the internet finding about paper/techniques that can
> be used to detect systemn with IDS installed. Try to detect
> snort/snort+aide/quinds/.../ somebody know something like it ??

Some commercial IDS use special a special Ethernet device that is
supposed to be invisible.
If the IDS is not set up to react to attacks, you will probably never
see it. If it reacts, e.g. but cutting TCP connections, I suppose there
is a way to detect it as the behaviour of the target machine will look
odd (e.g. connections run fine until you send something that matches
the IDS signature, and you lose them)

> And "how to outline a firewall" ... techinique to try bypass rules of
> a firewall ... or dribble ?

For IP filters, have a look at the firewalk tool.



___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

Next message: zero: "Re: Buffer overflow in awk"
Previous message: Felipe Franciosi: "Re: [Re: Rather large MSIE-hole] another variant"
In reply to: sekureat_private: "Firewall and IDS, (the second way)."
Next in thread: Marco Ivaldi: "Re: Firewall and IDS, (the second way)."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 00:06:43 PST