
Interesting thread on IDS Evasion

a.arndt
Level 3

Greetings,

There's an ongoing thread on the pen-test mailing list over at securityfocus.com involving what the original author suspects is shunning. (Thread index: http://www.securityfocus.com/archive/101/357990/2004-03-16/2004-03-22/1)

In a nutshell, the supposition is that a Cisco IDS is shunning the IP (range?) from which he is running his tests, which involve both "nmap" and "nikto."

What intrigues me is that some of the suggested evasion techniques (fragmentation, session splicing, encryption via SSL) are well known and, with the exception of SSL encrypted exploits, detected by Cisco IDS.

Discussions like this just make me like my sensors more and more... =)

Alex

1 Reply

mjuckett
Level 1

Thanks for posting that link. I found it very interesting.