Hello Renaud,

My interest lies in evaluating the vulnerabilities (or not!) of the hosts. Some of the hosts on the subnet we manage on behalf of our customers. In the unlikely event of an intrusion attempt by a third party these could be missed during my scan. I currently know nothing about the IDS but will endeavour to find out.

Thanks and regards,
Dick

-----Original Message-----
From: Renaud Deraison [mailto:[EMAIL PROTECTED]
Sent: 11 June 2003 15:04
To: '[EMAIL PROTECTED]'
Subject: Re: Best settings for IDS evasion?

On Wed, Jun 11, 2003 at 02:36:20PM +0100, Cardwell, Dick wrote:
>
> Greetings all,
>
> Using nessus 2.0.6a on RedHat 8.0 system, I've been tasked with
> scanning a small number of hosts on one of our subnets. These hosts
> sit behind a firewall which will be opened up to allow my scan
> through. Is there a set of recommended settings to reduce the
> likelihood of raising IDS alarms? Only safe checks will be run and
> the scan of each host should be completed within 1 working day.

It really depends on what you want to test (the hosts or the quality of IDS), and why raising IDS alarms would be an issue for you. It also depends on the type of IDS (if it's snort, you may want to disable all the SNMP checks as it is extremely verbose in that regard).

--
Renaud
