-
August 12th, 2004, 09:24 PM
#11
Originally posted here by phishphreek80
Especially when your security admins are away on vacation/holidays...
Vacation/holidays... what the hell are those?
Cheers:
-
August 12th, 2004, 09:26 PM
#12
Especially when your security admins are away on vacation/holidays...
They don't have to be on holidays. Poor configurations lead to a lot of holes and vulnerabilities. It's a lack of attention to detail and lack of desire to pay attention to that detail. Many have been trained to administrate their networks but few are trained to think security from the get go. As long as that exists, there will always be those that can bypass firewalls, IDSes, pick out the honeypots and go to the bank with your data. As long as people assume they are secure, they will never be secure.
Better to be paranoid and think of all the possibilities than to get lax. The attackers aren't.
-
August 12th, 2004, 10:38 PM
#13
Of course, rather than trying to detect the IDS, which as has been said is not very practical from the outside, an attacker can try to avoid it; various methods exist for doing this. Which is why defense in depth is such a good idea. Make sure boxes are patched and locked down, logs are being monitored, AV is running, etc.
Quis custodiet ipsos custodes
-
August 13th, 2004, 12:22 AM
#14
OK, so places like schools, web servers, and small businesses would not usually have one, but places like banks, large businesses, and sites with valuable information stored on them for businessmen away from the office would have IDSes.
-
August 13th, 2004, 01:16 AM
#15
OK, so places like schools, web servers, and small businesses would not usually have one, but places like banks, large businesses, and sites with valuable information stored on them for businessmen away from the office would have IDSes.
Not always true. Schools, webservers and small businesses also have valuable information to protect (e.g., client information, personal privacy of students, grades, exams, etc.). It's often a question of budget, admin's knowledge and how important it is to them.
-
August 13th, 2004, 04:35 PM
#16
Oh, OK. Thank you all for the help.
-
October 13th, 2005, 06:34 PM
#17
There are several methods. I've described some in this thread:
http://marc.theaimsgroup.com/?l=vuln...8483927663&w=2
-
October 13th, 2005, 10:11 PM
#18
Saw that there was another thread here with almost the same question, but it was geared a bit more towards detecting snort:
http://www.antionline.com/showthread...hreadid=270550
I found this little blurb about detecting if someone is running a NIDS (Network IDS) on another site:
"A NIDS is essentially a sniffer, so therefore standard sniffer detection techniques can be used. Such techniques are explained in http://www.robertgraham.com/pubs/sni...q.html#detect.
An example would be to do a traceroute against the victim. This will often generate a low-level event in the IDS. Traceroutes are harmless and frequent on the net, so they don't indicate an attack. However, since many attacks are preceded by traceroutes, IDSs will log them anyway. As part of the logging system, it will usually do a reverse-DNS lookup. Therefore, if you run your own DNS server, then you can detect when somebody is doing a reverse-DNS lookup on your IP address in response to your traceroute."
-Snippet taken from www.ticm.com/kb/faq/idsfaq.html
Interesting site, lots of useful FAQs pertaining to IDSs
%42%75%75%75%75%72%70%21%00
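For anyone running a sensor, the reverse-DNS behaviour quoted in the post above can be checked from the inside by looking for PTR queries that the IDS or logging hosts send about outside addresses. The following is an added example, not part of the original thread; the log format, the sensor address and the internal range are constructed assumptions to be replaced with your own.

```python
import ipaddress
import re

# Constructed sample in a simplified, made-up resolver log format.
SAMPLE_LOG = """\
2004-08-13T10:00:01 client=10.0.5.20 qtype=A qname=www.example.com.
2004-08-13T10:00:02 client=10.0.5.9 qtype=PTR qname=7.113.0.203.in-addr.arpa.
2004-08-13T10:00:03 client=10.0.5.9 qtype=PTR qname=20.5.0.10.in-addr.arpa.
2004-08-13T10:00:04 client=10.0.5.20 qtype=PTR qname=9.100.51.198.in-addr.arpa.
2004-08-13T10:00:05 client=10.0.5.9 qtype=PTR qname=not-an-address.in-addr.arpa.
"""
SENSORS = {"10.0.5.9"}                           # assumed NIDS/logging hosts
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space
LINE_RE = re.compile(r"^(\S+) client=(\S+) qtype=(\S+) qname=(\S+)$")

def ptr_to_ip(qname):
    """Turn an in-addr.arpa name back into an IPv4Address; None if malformed."""
    name = qname.lower().rstrip(".")
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None

def leaking_lookups(log_text, sensors, internal):
    """List (timestamp, sensor, ip) for sensor PTR queries about external hosts.

    Each hit is a query that leaves the network because of what the sensor
    saw, which is the signal the quoted FAQ says an outsider can observe.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        if client not in sensors or qtype.upper() != "PTR":
            continue
        ip = ptr_to_ip(qname)
        if ip is not None and not any(ip in net for net in internal):
            findings.append((ts, client, str(ip)))
    return findings

if __name__ == "__main__":
    for hit in leaking_lookups(SAMPLE_LOG, SENSORS, INTERNAL):
        print("sensor resolved external address:", hit)
```

If this reports hits, the usual fix is to turn off live name resolution in the sensor's logging path and resolve addresses later from a separate analysis host.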