Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Snort and Nessus Signature

from [Olaf Gellert] Network Security [Permanent Link]
Subject: Re: Snort and Nessus Signature
Date: Fri, 23 Sep 2005 10:05:00 +0200 
Ron Gula wrote:

Continuous scanning will help you find some things, but won't find:

- new client software
- hosts protected by personal firewalls
- off-port services (you want to do continuous scanning for all 65k ports?)


Well, you are thinking of scanning as a network
related process (a la NMAP), I guess. But there
a many other possibilities of scanning: Scanning
your local logfiles (eg host based sensors),
scanning your local filesystem, scanning your local
installation database for new software. This way you
may get much more (and very accurate) information
than by actively scanning the network (or by
analyzing the traffic).

Sure this is not as easily deployed as a single
network sensor, but it can very well be worth
the effort.

Cheers, Olaf

-- 
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Senior Researcher,                       Consulting GmbH
Phone: (+49) 0700 / PRESECURE           og@pre-secure.de

                        A daily view on Internet Attacks
                        https://www.ecsirt.net/sensornet


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Snort and Nessus Signature, Marco Ceci
Next by Date:  Ability for SIM to perform tcp stream reassembly, Thyrymn
Previous by Thread:  Re: Snort and Nessus Signature, Ron Gula
Next by Thread:  Re: Snort and Nessus Signature, Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]