Network Security Focus-IDS
Passive Asset Detection System v1.1.3 Released

Subject: Passive Asset Detection System v1.1.3 Released
Date: Thu, 30 Sep 2004 23:40:33 -0400
Greetings,

Version 1.1.3 of Passive Asset Detection System (PADS) has been released. It can be found at http://passive.sourceforge.net.

Pads is a signature-based detection engine used to passively detect network assets. Even though active scanners such as nmap and Nessus are valuable tools, sometimes it is necessary to identify network devices in a passive manner. Pads was developed to sit alongside the promiscuous interface of an IDS device. It will listen to network traffic and attempt to identify the applications running on the network.

Goals:

- Passive: Records and identifies traffic seen on a network without actively "scanning" a system. There will never be a packet sent from the Pads applications.

- Portable: Has the ability to be placed easily on a remote system. Does not require additional external libraries other than those associated with libpcap.

- Lightweight: Logging is sent to a simple CSV file. There is no need for a database or other data repository installed on the local machine. All correlation is done outside of the pads program.

The nature of an IDS device is to passively monitor a network. In many deployments, the device only monitors a network and does not have access to it. This makes active network scanners, like nmap, useless since the IDS team has no way to scan the network.

Pads was developed to solve this problem. It is modeled after my favorite scanning tool nmap, specifically the “-sV” option. Unlike nmap, it will not generate any traffic while mapping the network. Unfortunately, this method is potentially less accurate than active scanning but is often necessary in an IDS environment.

Please email me with any comments, suggestions, or complaints. I would like to hear everyone’s constructive feedback of the application.

Regards,
Matt Shelton (matt at mattshelton dot com)
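
The following sketch is an added illustration of the approach the announcement describes (matching signatures against traffic that was already observed, then logging each asset once to CSV); it is not part of the original message and is not PADS code. The signature list, the CSV columns, the function names and the sample payloads are all assumptions constructed for the example.

```python
import csv
import io
import re

# Hypothetical signatures (not PADS's signature file): service name, regex
# applied to the first server-to-client payload, and an output template
# filled from the regex groups.
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-([\d.]+)-OpenSSH[_-]([\w.]+)"), "OpenSSH {1} (Protocol {0})"),
    ("http", re.compile(rb"^HTTP/1\.[01] \d{3} .*?\r\nServer: ([^\r\n]+)", re.S), "{0}"),
    ("smtp", re.compile(rb"^220 \S+ ESMTP (Postfix|Sendmail|Exim)"), "{0}"),
]

def identify(payload):
    """Return (service, application) for a server payload, or None."""
    for service, pattern, template in SIGNATURES:
        m = pattern.search(payload)
        if m:
            groups = [g.decode("ascii", "replace") for g in m.groups()]
            return service, template.format(*groups)
    return None

def build_asset_csv(observations):
    """observations: (src_ip, src_port, proto, payload) tuples that a sniffer
    has already captured. Nothing is sent; each asset is logged once."""
    seen = set()
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["ip", "port", "proto", "service", "application"])
    for ip, port, proto, payload in observations:
        key = (ip, port, proto)
        if key in seen:
            continue  # already recorded: one row per asset, not per packet
        hit = identify(payload)
        if hit is None:
            continue  # no match yet; a later payload may still identify it
        seen.add(key)
        writer.writerow([ip, port, proto, *hit])
    return out.getvalue()

# Constructed sample observations (RFC 5737 documentation addresses).
SAMPLE = [
    ("192.0.2.10", 22, "tcp", b"SSH-2.0-OpenSSH_3.9p1\r\n"),
    ("192.0.2.20", 80, "tcp", b"HTTP/1.1 200 OK\r\nDate: x\r\nServer: Apache/2.0.50 (Unix)\r\n\r\n"),
    ("192.0.2.10", 22, "tcp", b"SSH-2.0-OpenSSH_3.9p1\r\n"),  # repeat, skipped
    ("192.0.2.30", 9999, "tcp", b"\x00\x01binary"),  # no signature matches
]

if __name__ == "__main__":
    print(build_asset_csv(SAMPLE), end="")
```

Because identification depends on what a host happens to send, a service that never emits a recognisable banner while the sensor is watching stays out of the CSV, which is the accuracy trade-off against active scanning that the message mentions.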

