Section: .. / papers / IDS /
| /// File Name: |
whiskerids.html |
Description:
|
A look at whisker's anti-IDS tactics. Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?".
| | Author: | Rain Forrest Puppy | | Homepage: | http://www.wiretrip.net | | File Size: | 25225 | | Last Modified: | Jan 2 03:58:28 2000 |
| MD5 Checksum: | 6e9e8b5619afc566d44fa31da9f45b34 |
|
| /// File Name: |
fingerprint-port80.txt |
Description:
|
Fingerprinting Port 80 Attacks - This paper looks at some of the signatures that are used in web server attacks and what to look for in your logs.
| | Author: | Zenomorph | | Homepage: | http://www.cgisecurity.com | | File Size: | 23294 | | Last Modified: | Nov 6 08:03:44 2001 |
| MD5 Checksum: | 75f97cc427a782ee2a221d5344634bbd |
|
| /// File Name: |
anomaly_rules_def.pdf |
Description:
|
This paper discusses using Snort as an anomaly based IDS, outlining the utilization of different deployments with listings of advantages and disadvantages.
| | Author: | Lubomir Nistor | | File Size: | 21704 | | Last Modified: | Jan 27 21:05:35 2003 |
| MD5 Checksum: | 840f4fe86e49259b4ae53ed522238238 |
|
| /// File Name: |
OffensiveUseofIDS.pdf |
Description:
|
Offensive Use of IDS - This paper explores ways Intrusion Detection Systems (IDS) can be used for offensive purposes. It gives a brief technical outline of determining which TCP services are running on a network using passive monitoring.
| | Author: | Coretez Giovanni | | Homepage: | http://www.8thport.com | | File Size: | 20164 | | Last Modified: | Jun 26 08:25:47 2000 |
| MD5 Checksum: | 2ea691ce01ff4f3fb49226b16ebffac4 |
|
| /// File Name: |
scanners.txt |
Description:
|
The top commercial vulnerability scanners have little to no security surrounding their licensing, making them excellent script kiddie tools. These scanners are actively being used by the underground against targets.
| | Author: | Simple Nomad | | File Size: | 18549 | | Last Modified: | Oct 4 20:59:34 1999 |
| MD5 Checksum: | c8d2b8ab2e0b85628655d91e9a20c3a0 |
|
| /// File Name: |
fingerprinting.txt |
Description:
|
IDing remote hosts, without them knowing. This paper details the process of Passive Fingerprinting. Passive fingerprinting is based on sniffer traces from the remote system. Instead of actively querying the remote system, all you need to do is capture packets sent from the remote system. Based on the sniffer traces of these packets, you can determine the operating system of the remote host. Just like in active fingerprinting, passive fingerprinting is based on the principle that every operating system's IP stack has its own idiosyncrasies. By analyzing sniffer traces and identifying these differences, you may be able to determine the operating system of the remote host. Craig Smith has written a proof of concept tool called passfing.tar.gz. Homepage here.
| | File Size: | 10618 | | Last Modified: | May 16 23:16:40 2000 |
| MD5 Checksum: | 2aa7b3dc1c6b55b5165fe2debf6d98a4 |
|
| /// File Name: |
t0rn.txt |
Description:
|
How to detect the t0rn rootkit - Includes detection methods, md5sums, pathnames, and TCP port numbers.
| | Author: | Toby Miller | | Homepage: | http://www.securityfocus.com | | File Size: | 9985 | | Last Modified: | Dec 4 06:16:25 2000 |
| MD5 Checksum: | aa9dd40ccf8e124ef33f32e1f63c19c8 |
|
| /// File Name: |
insidethreat.txt |
Description:
|
Protecting Corporate and Enterprise Networks Against Insider Threats - The aim of this text is to provide a basic understanding of how important it is to maintain security within the corporate network, and to offer some theory and technique that the Hacker (The insider) may use or may be using to penetrate vital systems within your organization.
| | Author: | Reflux | | File Size: | 8857 | | Last Modified: | Jul 25 22:01:57 2001 |
| MD5 Checksum: | 5b492c808a0e767a4868c29d6c156796 |
|
| /// File Name: |
unspoofing.txt |
Description:
|
The Art of Unspoofing - Describes several methods to track down denial of service attacks and includes a patch for Bind v8.3.3 and 4.9.9 which adds logging of external queries regarding domains the nameserver is authoritative for.
| | Author: | Sean Trifero, Brian Knox | | Homepage: | http://www.innu.org/~sean | | File Size: | 7679 | | Last Modified: | Sep 17 05:31:20 2002 |
| MD5 Checksum: | 87f2e5f7f9fb0f15027b7ab29a34b67e |
|
| /// File Name: |
switched.htm |
Description:
|
FAQ on implementing a Network Based IDS in a heavily switched environment.
| | Author: | Scott | | Homepage: | http://www.sans.org | | File Size: | 6574 | | Last Modified: | Feb 18 18:43:16 2000 |
| MD5 Checksum: | d7d52f2f801854f18c04f2f8df42e47c |
|
| /// File Name: |
scan.txt |
Description:
|
Lance Spitzner's investigation of some mystery packets - contains some good insight by many people in the security field attempting to identify which tool created the packets.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/papers.html | | File Size: | 6147 | | Last Modified: | May 27 00:05:44 2000 |
| MD5 Checksum: | a87a4b4940160dc75d39ebcd278bcd54 |
|
| /// Directory: |
/ nids / |
Description:
|
White paper section discussing network intrusion detection systems
| | Total Files: | 49 | | Last Modified: | Nov 10 21:30:49 2006 |
|
| /// Directory: |
/ hids / |
Description:
|
White paper section discussing host-based intrusion detection systems
| | Total Files: | 30 | | Last Modified: | Nov 10 21:30:43 2006 |
|