|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Fooling NIDS
From: Matías Bevilacqua (matias
FPCVERTEX.UPC.ES)Date: Tue Dec 05 2000 - 09:43:53 CST
- Next message: thiebaut.adsl: "Re: combination of IDS and scanner"
- Previous message: Mark Teicher: "Re: network based IDS"
- Next in thread: Crist Clark: "Re: Fooling NIDS"
- Reply: Crist Clark: "Re: Fooling NIDS"
- Reply: Jon Gary: "Re: Fooling NIDS"
- Reply: Kevin Pietersma: "Switched environment NIDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This idea has just occured to me (10sec. so don't blame me on it). Has
someone seen on the wild attackers fooling NIDS systems just to get security
personel running from host to host while silenlty compromising other systems
while sec. guys are occupied?
I'm talking about something like nmaps's -D option. Make 20 alarms jump
while you're randomly hacking at one of those machines. Sure you'll gain
some a time to conceal your traces.
What about setting off 1000 alarms just for fun? Could we coin that as ADoD
(Admin DoS)
¿Someone seen this out there?
See-ya.
Mat.
- Next message: thiebaut.adsl: "Re: combination of IDS and scanner"
- Previous message: Mark Teicher: "Re: network based IDS"
- Next in thread: Crist Clark: "Re: Fooling NIDS"
- Reply: Crist Clark: "Re: Fooling NIDS"
- Reply: Jon Gary: "Re: Fooling NIDS"
- Reply: Kevin Pietersma: "Switched environment NIDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]