- Bronze, 100 points or more
There's an ongoing thread on the pen-test mailing list over at securityfocus.com involving what the original author suspects is shunning. (Thread index: http://www.securityfocus.com/archive/101/357990/2004-03-16/2004-03-22/1)
In a nutshell, the supposition is that a Cisco IDS is shunning the IP (range?) from which he is running his tests, which involve both "nmap" and "nikto."
What intrigues me is that some of the suggested evasion techniques (fragmentation, session splicing, encryption via SSL) are well know and, with the exception of SSL encrypted exploits, detected by Cisco IDS.
Discussions like this just make me like my sensors more and more... =)