Wednesday, January 30, 2008

Testing your IDS

Is that SPAN still up? Am I seeing the traffic that I need to? IDSwakeup, from Herve Schauer Consultants, is a small script that is worth a try. You will need to have hping2 installed as a prerequisite.

Usage: ./IDSwakeup src_addr dst_addr [nb] [ttl]

IDSwakeup should light the average sensor up like an Xmas Tree.

Saturday, January 26, 2008

SANS New Orleans 2008

Last week, I attended the latest SANS Institute conference in New Orleans. All in all it was a great experience. It seems like the city is on its way back. I sat through SEC-504 Advanced Hacker Techniques and Incident Handling, and yes, I'll be taking the exam for the Cert. The course was originally scheduled to be taught by the one and only Ed Skoudis, known for books he has authored including "Counter Hack" and "Counter Hack Reloaded". Upon arrival, I was disappointed to find out that Ed would not be teaching, but a guy by the name of John Strand; Ed was in the lab working on what has become the new SANS Penetration Testing / Ethical Hacking course. Well, no need to worry, John did not disappoint. I listened to him vomit knowledge for 6 days, eight hours each day, non-stop. My hat is off to all of the SANS instructors; they are hands down the most professional and knowledgeable in the field. Check out John Strand's website; he has some pretty good video tutorials on it.

Thank you New Orleans
Love that City!