Been evaluating a few IDS devices (not that impressed, to tell the truth!) and by accident found a common issue with the ones I am looking at.
They all detect nmap scans and Nessus scans and flag them up. I changed the nmap-services file to a custom file I use with a very specific set of ports. None of the IDS devices flagged up a scan for nmap.
I have spoken to the vendors; the general response is that they identify the scans by known fingerprints from applications, i.e. the way nmap sequences the ports. The other thing they look for is connections to lots of ports from 1 IP over a set amount of time.
Question is: is there a proxy tool for BT to randomize the proxy address and allow more than just port 80 etc., and a way to randomize the Nessus scan?
My view on the IDS/IPS is it's not worth the investment and does not replace a correctly configured firewall and system. Any thoughts on usefulness of IPS?
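The second check the vendors describe in the post above (connections to lots of ports from one IP over a set amount of time) can be written as a sliding-window counter of distinct destination ports, which does not depend on the order the ports are probed in. This is an added example, not part of the original post or any vendor's product; the function name, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data: 15 destination ports in no particular order.
SWEEP_PORTS = [8443, 22, 3389, 80, 5900, 445, 21, 8080, 25, 443, 139, 110, 3306, 23, 53]

# Constructed connection events: (timestamp_seconds, source_ip, destination_port).
SAMPLE_EVENTS = (
    # One source touching many ports, one per second, in arbitrary order.
    [(float(i), "10.0.0.5", p) for i, p in enumerate(SWEEP_PORTS)]
    # A busy but ordinary client: 30 connections, all to the same port.
    + [(float(i), "10.0.0.9", 443) for i in range(30)]
    # The same port set from another source, one connection every 30 seconds.
    + [(i * 30.0, "10.0.0.7", p) for i, p in enumerate(SWEEP_PORTS)]
)


def detect_port_sweeps(events, window=60.0, max_ports=10):
    """Return {source_ip: time_of_first_alert} for every source that reaches
    more than `max_ports` distinct destination ports within `window` seconds.

    Only the set of ports inside the window is counted, so the result is the
    same whatever order the ports arrive in.
    """
    recent = defaultdict(deque)   # source_ip -> deque of (timestamp, port)
    alerts = {}
    for ts, src, port in sorted(events):
        q = recent[src]
        q.append((ts, port))
        # Drop events that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct_ports = {p for _, p in q}
        if src not in alerts and len(distinct_ports) > max_ports:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    # Short window: flags the fast multi-port source only.
    print(detect_port_sweeps(SAMPLE_EVENTS, window=60.0))
    # A second, longer window also flags the slow multi-port source.
    print(detect_port_sweeps(SAMPLE_EVENTS, window=600.0))
```

Running a short and a long window side by side is a common tuning choice for this kind of rule: the single-port client is never flagged by either.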
Both nmap and Nessus have lots of built-in IDS/IPS avoidance options, including random source ports, FTP or DNS sourcing and bouncing, fragmenting packets, timing options, etc.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
A timing option of -T0 helps a lot against many IDSs, but takes ages.
As thorin said, there are many options in both nmap and Nessus. In fact so many that, eh, it would take a few days to explain them all, I guess (in depth xD).
Even I don't know that much about IDS evasion since I haven't had the need to do it, yet.
But I look forward to the day that I'm actually going to need it! :-D
"I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain." - MaXe