RE: Evading IDS?

From: Gary E. Miller (gem@rellim.com)
Date: Fri Mar 19 2004 - 14:56:20 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Mark!

On Thu, 18 Mar 2004, Mark G. Spencer wrote:

> I've tried a variety of Nikto IDS evasion techniques and continued to get
> each of my respective IP's blacklisted.

Create a large number of fake attacks from sites important to them.
Like a outsourced email server, google, root name servers, branch
offices, gateway routers, etc.

The blacklist will then cripple their core operations. This will cause
their people fits and slow operations to a crawl. The IT manager will
get some rude calls from upper management about how his system is
hurting rather than helping. Continue this for a few weeks and the auto
blacklisting will disappear. Then repeat your remote scans without that
hassle.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAW1Bn8KZibdeR3qURAs32AJ4gtUilNHgFa7GCtvMs+lvIkM0/bACfRFmh
fQEBlBF6RODC2L2td4cmPuA=
=jvsV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT