Hosting Provided By

RE: IDS Stealth Mode

From: Brito, Nelson (ISS Brazil) <nbrito(at)iss.net>
Date: Thu Jan 09 2003 - 08:00:59 EST

About issue #1:
Sometimes ago, you could crash some NIDS, even using "stealth NIC", with some tools, such as: stick and snot.

Nowadays, I'm not sure about others products, but you cannot crash RealSecure Network Sensor 7.0 using this tools or any other one.

The only way you were able to exploit the NIDS using "stealth NIC" was using DoS attacks, crashing the engine or even the host machine. I never saw any successful attack using "stealth NIC" to gain access to the LAN or any other internal network.

About issue #2:
Oh, yeah. But when you say that you don't have any protocol "binded" on this NIC nor "IP Forward" enabled, it's easier to the customer to understand that.

Hope this help.

Cheers.

Sem mais,

--
Nelson Brito
System Engineer
Internet Security Systems (Brazil)
____________________________________________________
Assembleia, 10/3310        | CEP:    20.011-901
Rio de Janeiro - RJ        | NASDAQ: ISSX
Phone/FAX: 55+21 2232-2929 | WEB:    www.iss.net
Mobile:    55+21 9963-2644 | The power to protect!
____________________________________________________

To contact me directly, please mailto:nbrito@iss.net.

> -----Original Message-----

Received on Tue Jan 21 01:09:05 2003

This message: [ Message body ]
Next message: Scott Wimer: "Re: how to verify whether an attack attempt is successful?"
Previous message: Abe L. Getchell: "Active response... some thoughts."
In reply to: r)(o)(m: "IDS Stealth Mode"
In reply to Aditya: "RE: IDS Stealth Mode"
Next in thread: Matt Simmons: "Re: IDS Stealth Mode"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:05 EDT

Do you need help?