Re: IDS evasion && testing

From: Renaud Deraison (deraison@nessus.org)
Date: Mon Apr 08 2002 - 04:28:18 EDT


On Sun, Apr 07, 2002 at 12:29:12PM -0400, Osborne-1, Brett wrote:
> There are some tools out on this - "stick" is probably the best known.
> I think Doug Song has some tools in this area - his site is on monkey.org

Nessus 1.1.14 also implements some IDS evasion techniques described in
Newsham's and Ptacek's paper. The neat thing is that it applies them to
every Nessus check (on any TCP port). So you can test an IDS by doing a
scan with IDS evasion off, then re-do the scan with IDS evasion on, and
compare the results (which is quite interesting, because Nessus usually
generates a _lot_ of signatures).

For more details, see http://www.nessus.org/doc/nids.html

                                -- Renaud

-- 
Renaud Deraison
The Nessus Project
http://www.nessus.org
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT