Remote Exploit Forums

#1
Old 07-03-2009, 08:32 PM
Junior Member
 
Join Date: Nov 2008
Posts: 22
Default Port scan detection avoidance

Been evaluating a few IDS devices (not that impressed, to tell the truth!) and by accident found a common issue with the ones I am looking at.

They all detect nmap scans and Nessus scans and flag them up. I changed the nmap-services file to a custom file I use with a very specific set of ports. None of the IDS devices flagged up the nmap scan.

I have spoken to the vendors; the general response is that they identify the scans by known fingerprints from applications, i.e. the way nmap sequences the ports. The other thing they look for is connections to lots of ports from one IP over a set amount of time.

Question is, is there a proxy tool for BT to randomize the proxy address and allow more than just port 80 etc., and a way to randomize the Nessus scan?

My view on IDS/IPS is that it's not worth the investment and does not replace a correctly configured firewall and system. Any thoughts on the usefulness of IPS?
#2
Old 07-03-2009, 08:39 PM
archangel.amael
Moderator
 
Join Date: Nov 2007
Location: behind the wire
Posts: 3,286
Default

Quote:
Originally Posted by o0hex0o View Post
Question is, is there a proxy tool for BT to randomize the proxy address and allow more than just port 80 etc., and a way to randomize the Nessus scan?

My view on IDS/IPS is that it's not worth the investment and does not replace a correctly configured firewall and system. Any thoughts on the usefulness of IPS?
Start reading if you think that's as good as it gets.
You can do lots of things with nmap to help hide where you are coming from.
I am not going to tell you but if you look at the nmap man page it will tell you.
Course even then it might not work.
#3
Old 07-04-2009, 01:40 AM
thorin
Senior Member
 
Join Date: Feb 2006
Location: Northern Hemisphere
Posts: 2,414
Default

Both nmap and Nessus have lots of built-in IDS/IPS avoidance options, including random source ports, FTP or DNS sourcing and bouncing, fragmenting packets, timing options, etc.
#4
Old 07-11-2009, 08:56 PM
MaXe Legend
Senior Member
 
Join Date: Dec 2007
Location: Sweden
Posts: 317
Default

A timing option of -T0 helps a lot against many IDSs, but takes ages.

As thorin said, there are many options in both nmap and Nessus. In fact so many that, eh, it would take a few days to explain them all, I guess (in depth xD).

Even I don't know that much about IDS evasion, since I haven't had the need to do it yet.
But I look forward to the day that I'm actually going to need it! :-D
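The vendors' two heuristics as o0hex0o relays them in post #1 (a known application fingerprint such as the order nmap walks the ports, and too many ports from one address in a set time) and the timing and randomization options thorin and MaXe Legend point to in #3 and #4 can be put side by side in a small detector. The block below is an added example written for this thread, not code from any of the posters or from any IDS product: it implements both heuristics over constructed SYN connection records, then feeds it four synthetic scans of the same 100 ports. The window, threshold, run length, IP addresses and record format are all assumptions chosen for the demo; real nmap -T0 spaces probes by 5 minutes rather than the 5 seconds used here to keep the timestamps small, and nmap randomizes port order by default unless you pass -r, so the "sequential" cases stand in for a scanner that walks ports in order.

```python
"""Toy port-scan detector exercising the two heuristics described in the
thread, over constructed connection records (added example, not IDS code).

Heuristic 1 (rate): one source touches more than PORT_THRESHOLD distinct
destination ports within a sliding WINDOW_SECONDS window.
Heuristic 2 (order): a source hits SEQ_RUN destination ports in a row that
each increase by exactly one, the fingerprint of a sequential scanner.
"""
from collections import defaultdict, deque
import random

WINDOW_SECONDS = 60   # assumed sliding window, not a vendor value
PORT_THRESHOLD = 15   # assumed distinct-port limit per window
SEQ_RUN = 8           # assumed length of a consecutive-port run


def parse_record(line):
    """Parse one constructed record: '<epoch> <src> -> <dst>:<port> SYN'."""
    ts, src, _arrow, dst, _flag = line.split()
    host, port = dst.rsplit(":", 1)
    return float(ts), src, host, int(port)


def detect(lines):
    """Return a sorted list of (alert_type, src_ip) raised over the records."""
    recent = defaultdict(deque)   # src -> (ts, port) pairs inside the window
    run = defaultdict(list)       # src -> trailing ports of the current +1 run
    alerts = set()
    for line in lines:
        ts, src, _host, port = parse_record(line)
        q = recent[src]
        q.append((ts, port))
        while ts - q[0][0] > WINDOW_SECONDS:   # drop records older than the window
            q.popleft()
        if len({p for _, p in q}) > PORT_THRESHOLD:
            alerts.add(("rate", src))
        r = run[src]
        if r and port == r[-1] + 1:            # extend an ascending-by-one run
            r.append(port)
        else:
            r[:] = [port]
        if len(r) >= SEQ_RUN:
            alerts.add(("sequential", src))
    return sorted(alerts)


def scan_records(src, dst, ports, spacing, shuffle=False, seed=7):
    """Build constructed SYN records for one scan, `spacing` seconds apart."""
    order = list(ports)
    if shuffle:
        random.Random(seed).shuffle(order)   # fixed seed keeps the demo reproducible
    return [f"{i * spacing:.1f} {src} -> {dst}:{p} SYN" for i, p in enumerate(order)]


PORTS = range(1, 101)
SCANNER, TARGET = "10.0.0.5", "10.0.0.20"   # assumed addresses

# Fast and in order: both heuristics fire.
fast_sequential = scan_records(SCANNER, TARGET, PORTS, spacing=0.01)
# Fast but shuffled: order fingerprint gone, still too many ports per minute.
fast_random = scan_records(SCANNER, TARGET, PORTS, spacing=0.01, shuffle=True)
# Slow but in order: rate is under threshold, the order fingerprint remains.
slow_sequential = scan_records(SCANNER, TARGET, PORTS, spacing=5.0)
# Slow and shuffled: 13 ports per 60 s window and no +1 run, nothing fires.
slow_random = scan_records(SCANNER, TARGET, PORTS, spacing=5.0, shuffle=True)

if __name__ == "__main__":
    for name, recs in [("fast_sequential", fast_sequential),
                       ("fast_random", fast_random),
                       ("slow_sequential", slow_sequential),
                       ("slow_random", slow_random)]:
        print(f"{name:16s} -> {detect(recs)}")
```

The slow_sequential case is the one to notice: slowing down alone beats the rate counter but not the order fingerprint, and shuffling alone beats the fingerprint but not the counter, which is why the thread's advice combines timing with the randomization options rather than relying on one of them.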