Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: detecting "intrusion detection"

from [Krzysztof Cabaj] Network Security [Permanent Link]
Subject: Re: detecting "intrusion detection"
Date: Wed, 5 Oct 2005 22:43:27 +0200 
Hi,


Is there any technique to detect if a particular machine is running an IDS or 
if a network
has implemented IDS.

It depends how IDS is configured. For e.g. if IDS check suspicious
machine name using DNS or send RST packet, you could send packet with
forged address and look for potential IDS response. You could also
check if machine has network adapter in promisious mode (send forged
packet with IP of sensor and other MAC address).

But those are only some evidences that this machine is running IDS.
Sometimes this could be very hard or even impossible.

Best regards,
Krzysztof (Christopher) Cabaj

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: detecting "intrusion detection", Biswas, Proneet
Next by Date:  Re: detecting "intrusion detection", Ron Gula
Previous by Thread:  detecting "intrusion detection", sumit . siddharth
Next by Thread:  Re: detecting "intrusion detection", Ron Gula
Indexes:  [Date] [Thread] [Top] [All Lists]