RE: Netcat probing, logs and detection

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Paul Danckaert: "Re: Netcat probing, logs and detection"
• Previous message: Peter C. Norton: "Re: Netcat probing, logs and detection"

>    1)  Does anyone have any experience using Hobbit's Netcat program
>    to probe system vulnerabilities?

Yes, and it works great. I'm doing a lot of penetration studies and I
use netcat for most part of it. You can have full control on whatever
TCP stream or UDP datagrams you send to whatever port, with whatever
input..
>
>    2)  Does anyone have a log of such probing that they would care to post
>    or share?

What do you want to see??? There is no such thing as clear recognition
of the use of netcat in logs or dumps. The way you use netcat is fully
up to your own creativity.... 
>
>    3)  Is there an intrusion detection system that will explicitly
>    identify Netcat probes, the same way as Courtney idenfifies Satan?

No... Satan, ISS and such other tools have standard preprogrammed way of
scanning networks and systems, which you can use in you detection
system. In case of netcat you should be aware of "strange" logs
concerning connections to ports. May that can be automated, but I think
it's just not possible to have netcat probes explicitly identified.
(also, instead of using netcat, one can use many other techniques and
tools...)
>
>                                 Hog Farmer,
>                                 Tropical Hog Improvement Programme

Arjan Vos
KPMG EDP Auditors
>

• Next message: Paul Danckaert: "Re: Netcat probing, logs and detection"
• Previous message: Peter C. Norton: "Re: Netcat probing, logs and detection"