IDS Archives: RE: IDS: Introduction / question on hacker tools


Bawcom, Aaron (Aaron_Bawcomnai.com)
Thu, 2 Sep 1999 17:32:42 -0700


FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
USUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
---------------------------------------------------------------------------

---
Actually, Network Associates has a risk assessment product called
CyberCop Scanner. CyberCop Scanner incorporates a utility called "Sentryd".
Sentryd performs rudimentary tests on a firewall such as what ports are
allowed through the firewall and what type of ICMP is allowed through the
firewall. Sentryd sits on the inside of the firewall while CyberCop Scanner
sits outside of the firewall. All tests sent by the scanner to Sentryd
through the firewall are 'thumb printed' to ensure exact matches of network
traffic. This type of technique is more reliable than using nmap because a
firewall may drop network traffic and nmap would report false information.

More information can be found at http://www.nai.com/asp_set/products/tns/ccscanner_intro.asp

-----Original Message-----
From: Robert Graham [mailto:robert_david_grahamyahoo.com]
Sent: Thursday, September 02, 1999 2:51 PM
To: lchiavaccibe-on.it; idsuow.edu.au
Subject: Re: IDS: Introduction / question on hacker tools

--- lchiavaccibe-on.it wrote:
> I have taken a look at the FAQ of this list and there are mentions of some
> utilities that could be used to test an installation.
> Could anyone tell me how to try and test the security of a firewall by using
> any of these utilities and where to look for them?

Since firewalls are primarily "port filters", you can test the firewall by running a "port scanner". The best one is 'nmap' at http://www.insecure.org/nmap. You should really get to know 'nmap' before moving on to more complex tools.

Also remember that there isn't any way to run a scanner against a firewall in order to conclusively say that it is "secure". That's what IDS is for -- to double-check the firewall's effectiveness.

===
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."
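An added illustration of the inside-listener check described in the first message (not CyberCop Scanner or Sentryd code, and not written by either poster): probes sent from outside carry a tag that the inside listener verifies, so stray traffic is never counted as a probe that passed. The HMAC tag standing in for the 'thumb print', the in-memory firewall policy, and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

KEY = os.urandom(16)  # assumption: secret shared by outside sender and inside listener
ALLOWED = {("tcp", 25), ("tcp", 80), ("udp", 53)}  # constructed firewall policy

def make_probe(proto, port, seq, key=KEY):
    """Outside sender: payload names the probe and carries a tag over it."""
    body = f"{proto}:{port}:{seq}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()[:16].encode()
    return {"proto": proto, "port": port, "payload": body + b"|" + tag}

def verify_probe(pkt, key=KEY):
    """Inside listener: return (proto, port) only for an exact, tagged match."""
    body, sep, tag = pkt["payload"].rpartition(b"|")
    if not sep:
        return None  # untagged traffic is not one of our probes
    want = hmac.new(key, body, hashlib.sha256).hexdigest()[:16].encode()
    if not hmac.compare_digest(tag, want):
        return None
    proto, port, _seq = body.decode().split(":")
    if proto != pkt["proto"] or int(port) != pkt["port"]:
        return None  # arrived on a different port than it was sent to
    return (proto, int(port))

def firewall(pkts):
    """Stand-in for the device under test: silently drops what is not allowed."""
    return [p for p in pkts if (p["proto"], p["port"]) in ALLOWED]

def audit(targets, expected_open):
    """Send one tagged probe per target and compare arrivals with the policy
    the administrator believes is configured."""
    sent = [make_probe(pr, po, i) for i, (pr, po) in enumerate(targets)]
    # Constructed noise: unrelated traffic the listener also sees on tcp/23.
    stray = [{"proto": "tcp", "port": 23, "payload": b"unrelated traffic"}]
    passed = {v for v in map(verify_probe, firewall(sent) + stray) if v}
    return {
        "passed": passed,
        "unexpected_open": passed - expected_open,
        "unexpected_closed": (expected_open & set(targets)) - passed,
    }

if __name__ == "__main__":
    targets = [("tcp", 23), ("tcp", 25), ("tcp", 80), ("udp", 53), ("udp", 161)]
    print(audit(targets, expected_open={("tcp", 25), ("udp", 53)}))
```

Because the listener reports only verified arrivals, a silently dropped probe shows up as absent instead of being inferred from a missing reply on the scanning side.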



This archive was generated by hypermail 2.0b3 on Fri Sep 03 1999 - 12:42:56 CDT