Results 1 to 2 of 2

Thread: IDS and Logging Question

  1. #1
    Junior Member imported_seven's Avatar
    Join Date
    May 2007
    Posts
    97

    Default IDS and Logging Question

    Hello all as usual.

    For thinkin outside the box on pentesting. After i have cracked my WEP ( i need to get more computers and routers, cracking the same one is boring haha but good practice and training ) I thought that if i logged into my router and Port triggered certain ports then it would be easy for me to leave a foothold on my servers ( only 2 for now )

    Now my question is, ( well im at work right now and this idea just hit me so i cant practice it yet or dl the router brute-forcer )
    Can a host IDS detect router bruteforcing? Is there and IDS you can put on the router? Also are there logs on the router that can be viewed to see failed login attempts?

    merci

    -seven

    p.s i need a fancy tag like xploitz!! lol

  2. #2
    Member Eristic's Avatar
    Join Date
    Aug 2006
    Posts
    188

    Default

    Quote Originally Posted by seven View Post
    Hello all as usual.

    For thinkin outside the box on pentesting. After i have cracked my WEP ( i need to get more computers and routers, cracking the same one is boring haha but good practice and training ) I thought that if i logged into my router and Port triggered certain ports then it would be easy for me to leave a foothold on my servers ( only 2 for now )

    Now my question is, ( well im at work right now and this idea just hit me so i cant practice it yet or dl the router brute-forcer )
    Can a host IDS detect router bruteforcing? Is there and IDS you can put on the router? Also are there logs on the router that can be viewed to see failed login attempts?

    merci

    -seven

    p.s i need a fancy tag like xploitz!! lol
    I think what you're looking for is a firewall that you can place in front of the router. CISCO sells a router IDS security bundle. It will definately log brute force attempts. The router itself has logs but typically only show network activity, not login attempts. If you have a Linksys WRT54 router, you can update the firmware to something like Sveasoft, DD-WRT, OpenWRT, or HyperWRT which may suit your needs.

    p.s. you could make your own fancy tag too

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •