I know that there was a presentation that was done in 2006 about, ids
and ips evasion. I am sure that there are ton's of others.
Joshua Gimer
On May 5, 2008, at 11:10 AM, Jamie Riden wrote:
> Try to break into the network (make sure you have explicit permission
> first!) and see if it stops you, or alerts. Have a play with nessus,
> nmap and metasploit for example.
>
> I wouldn't actually go as far as attempting to infect the network with
> a virus- if it did work then you would have serious problems. You
> could try it on a completely isolated test network.
>
> cheers,
> Jamie
>
> On 05/05/2008, Paari <paarim (at) calsoftlabs (dot) com [email concealed]> wrote:
>>
>> Hi guys,
>>
>> Can you please give me some reference or links on how to test
>> IPS/IDS
>> hardware box.
>>
>>
>> Thanks,
>> Paari
>
> --
> Jamie Riden / jamesr (at) europe (dot) com [email concealed] / jamie (at) honeynet.org (dot) uk [email concealed]
> UK Honeynet Project: http://www.ukhoneynet.org/
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
I would use some automated scanning tools first such as Nessus; this
will show you how much information can be gathered about a remote
system.
Metasploit can also be of use in this situation. I would suggest
looking into the ips_filter.rb plugin.
You can also check some conference archives, and SANS reading room for
more ideas, and techniques.
http://www.sans.org/reading_room/
http://www.blackhat.com/html/bh-media-archives/bh-multimedia-archives-in
dex.html
I know that there was a presentation that was done in 2006 about, ids
and ips evasion. I am sure that there are ton's of others.
Joshua Gimer
On May 5, 2008, at 11:10 AM, Jamie Riden wrote:
> Try to break into the network (make sure you have explicit permission
> first!) and see if it stops you, or alerts. Have a play with nessus,
> nmap and metasploit for example.
>
> I wouldn't actually go as far as attempting to infect the network with
> a virus- if it did work then you would have serious problems. You
> could try it on a completely isolated test network.
>
> cheers,
> Jamie
>
> On 05/05/2008, Paari <paarim (at) calsoftlabs (dot) com [email concealed]> wrote:
>>
>> Hi guys,
>>
>> Can you please give me some reference or links on how to test
>> IPS/IDS
>> hardware box.
>>
>>
>> Thanks,
>> Paari
>
> --
> Jamie Riden / jamesr (at) europe (dot) com [email concealed] / jamie (at) honeynet.org (dot) uk [email concealed]
> UK Honeynet Project: http://www.ukhoneynet.org/
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaig
n=intro_sfw
to learn more.
------------------------------------------------------------------------
[ reply ]