From: Talisker (talisker_at_networkintrusion.co.uk)
Date: Wed Aug 14 2002 - 11:00:58 CDT
Without trying to "blow my own trumpet", I have put up a website looking at
every type of IDS (with the exception of a few research projects). I tried
updating it a month or so back and only got as far as the Host and Network
IDS, though I hope to have another go very soon.
As I mentioned, it's not right up to date but it's pretty much there.
----- Original Message -----
From: "Gian Luca Valecchi" <glvalecchihotmail.com>
To: "Andrew Plato" <aplatoanitian.com>; <focus-idssecurityfocus.com>
Sent: Tuesday, August 13, 2002 4:04 PM
Subject: Re: host-based ids evaluation
> Hi Andrew,
> thank you for your suggestions.
> My boss ordered me to produce a doc in which I've to evaluate ISS
> ServerSensor (Hybrid ids) focusing on host-based "component".
> I'll try the tools you advised to me.
> My idea is to install a Server Sensor also on the attacker host, to see if
> the ids notifies me of the malicious attempts starting from a "protected"
> Which websites are the best ones where I can find tools other than those
> mentioned to me?
> thank you again,
> ----- Original Message -----
> From: "Andrew Plato" <aplatoanitian.com>
> To: <glvalecchihotmail.com>; <focus-idssecurityfocus.com>
> Sent: Tuesday, August 13, 2002 2:18 AM
> Subject: Re: host-based ids evaluation
> >Hi all,
> >I'm an IDS newbie, I've to evaluate some host-based IDS products.
> >I need some advice about how to set up a feasible testbed.
> What HIDS are you evaluating...out of curiosity? There are not very many
> >I would reproduce some attacks from an attacker machine towards two
> >machines (winnt and solaris) on which I've to install ids sensors:
> >I need some pointers to find some attack/evaluation tools to exec towards
> >the victim machine inside my testbed.
> As for attack tools, there are so many we could spend all day. But a good
> open-source tool is Nessus. It can run tons of scans against a machine and
> make most IDS's light up like a Christmas tree. Another swell tool is
> from eEye Digital. You can download a free-eval copy to bang away at your
> HIDS and watch them go.
> These are intended as vulnerability scanners, I should note. But any
> IDS should pick up their scans as events.
> >I also know something about IDSwakeup/snot/stick tools; but AFAIK they're
> >for network ids evaluation.
> >Is there something out there (similar to it) for host-based ids?
> >it could be very useful to me if you would point me the right way.
> All of these tools will work on a HIDS. Just configure their scans to be
> pointed specifically at the system where the HIDS is running.
> Andrew Plato, CISSP
> President / Principal Consultant
> Anitian Corporation
> (503) 644-5656 office
> (503) 201-0821 cell