Message-ID: <40B8F6FF.4040408@davewking.com>
From: davedf at davewking.com (Dave King)
Subject: Pentesting an IDP-System

You might try nessus (http://www.nessus.org) and turn on all the dangerous
plugins and turn safe checks off. It also has some detection evasion stuff.
Good luck.

p.s. Marcin asked what to pentest means. It's just a slang term for
penetration test.

Dave King
http://www.thesecure.net

H D Moore wrote:

>On Saturday 29 May 2004 06:03, ph03n1x wrote:
>
>>Do you guys have an idea how I could test it more efficiently, is there
>>some software that automatically tries to attack with a bunch of the
>>most common and new exploits so I don't have to do it manually?
>>Preferably some GPL or other "free" stuff since I don't have a budget
>>for this.
>
>Check out the Metasploit Framework, it was designed with IDS testing in
>mind. There is an environment option that you can set from the console
>that forces all "nop" instructions to be randomized; you may want to try
>setting this and see if the attack is detected at all :) [1]
>
>The Framework is available from:
> http://metasploit.com/projects/Framework/
>
>Version 2.0 is the latest public release. If you read through the Crash
>Course PDF on the documentation page, it will describe how to configure
>random nop sleds, as well as how the system works in general. The 2.0
>release includes about twenty exploits; updated and new modules are sent
>out to the Framework mailing list. If you have any questions about using
>the Framework, or the general development status, drop us a message
>at msfdef[at]metasploit.com.
>
>-HD
>
>1. Something you may want to keep in mind is that intrusion detection
>systems which follow a first-exit methodology (Snort, etc) will normally
>report only one event for a given attack. If the "nops" rule matches
>before the exploit rule, that would be the only event reported. The Snort
>team has added something called "event queueing" in the 2.1.3/2.2 version
>(currently in CVS), that allows much better control over which types of
>events override each other. Some day we may post our paper on bypassing
>every single signature with event masking...
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
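The first-exit reporting described in the quoted footnote, as an added example that is not part of the original thread and is not Snort's code: a toy rule engine that lets a detection engineer see which matching rules go unreported under first-exit and how a priority-ordered event queue surfaces them. The rule IDs, patterns, payload and the `max_queue`/`log` parameters are constructed for this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sid: int        # constructed rule id
    msg: str
    pattern: bytes  # content the rule searches for
    priority: int   # 1 = most severe

# Constructed rules: a generic sled rule evaluated before a specific one.
RULES = [
    Rule(1001, "generic x86 NOP sled", b"\x90" * 8, priority=3),
    Rule(1002, "specific exploit marker", b"EXPLOIT-MARKER", priority=1),
]

# Constructed payload: placeholder bytes only, not a working exploit.
PAYLOAD = b"\x90" * 16 + b"EXPLOIT-MARKER" + b"\x00" * 4

def matching(rules, payload):
    """Every rule whose content appears in the payload, in evaluation order."""
    return [r for r in rules if r.pattern in payload]

def first_exit(rules, payload):
    """First-exit model: stop at the first rule that matches, report only it."""
    return matching(rules, payload)[:1]

def event_queue(rules, payload, max_queue=8, log=3):
    """Queue model: keep up to max_queue matches, report the top `log`
    ordered by priority (most severe first)."""
    queued = matching(rules, payload)[:max_queue]
    return sorted(queued, key=lambda r: r.priority)[:log]

def masked(rules, payload, reporter):
    """Rules that matched but were not reported: the analyst's blind spot."""
    reported = set(reporter(rules, payload))
    return [r for r in matching(rules, payload) if r not in reported]

def sids(events):
    return [r.sid for r in events]

if __name__ == "__main__":
    print("first-exit reports:", sids(first_exit(RULES, PAYLOAD)))
    print("masked by first-exit:", sids(masked(RULES, PAYLOAD, first_exit)))
    print("event queue reports:", sids(event_queue(RULES, PAYLOAD)))
    print("masked by event queue:", sids(masked(RULES, PAYLOAD, event_queue)))
```

Running `masked()` over replayed test traffic for each reporting mode shows which high-priority signatures a sensor would never alert on when a generic rule fires first.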