
Pandora and CSIDS

woweaver
Level 1

I'm reviewing a document that makes recommendations regarding Pandora (an attack tool for Novell). It notes "The introduction of an intrusion detection system (IDS) would also help to mitigate this vulnerability. An IDS would not only provide alerts when this type of attack is attempted, but would also aid in identifying the attacker." Does the CSIDS standard signature load include detection of Pandora NCP spoofing attempts?

2 Replies

mhicks
Level 1

My network engineer who has used Pandora (legally of course) stated that the utility uses TCP port 524 and UDP port 524. If you set up a custom sig, you should be able to monitor any activity.

I have configured my IDS to monitor port 524.
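
The port 524 monitoring described in the reply above, sketched in Python as an added example that is not part of the original thread and is not CSIDS signature syntax. Because legitimate NCP traffic uses the same port, it assumes an allowlist of hosts expected to speak NCP and alerts only when another host is involved; the addresses, the allowlist and all function names are constructed for illustration.

```python
import ipaddress
import struct

NCP_PORT = 524  # TCP and UDP port named in the reply above
# Assumption: the only hosts expected to speak NCP (constructed addresses).
EXPECTED_NCP_HOSTS = {ipaddress.ip_address(a) for a in ("10.0.0.10", "10.0.0.21")}

def parse_ipv4(pkt: bytes):
    """Return (proto, src, dst, sport, dport), or None if not a first-fragment TCP/UDP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # header length varies with IP options
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = {6: "tcp", 17: "udp"}.get(pkt[9])
    if ihl < 20 or proto is None or frag_offset or len(pkt) < ihl + 4:
        return None                         # later fragments carry no port fields
    src, dst = ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, src, dst, sport, dport

def check_packet(pkt: bytes):
    """Return an alert string for port 524 traffic involving an unexpected host, else None."""
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return None
    proto, src, dst, sport, dport = parsed
    if NCP_PORT not in (sport, dport):
        return None
    unexpected = [str(h) for h in (src, dst) if h not in EXPECTED_NCP_HOSTS]
    if not unexpected:
        return None                         # known server and known client: normal NCP
    return f"NCP {proto}/{NCP_PORT} {src}:{sport} -> {dst}:{dport} unexpected host {unexpected[0]}"

def build_packet(proto, src, dst, sport, dport, options=b""):
    """Constructed test input: IPv4 header (checksum left zero) plus the two port fields."""
    words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | words, 0, words * 4 + 4, 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + options + struct.pack("!HH", sport, dport)

SAMPLES = [  # constructed packets, not captured traffic
    build_packet(6, "10.0.0.21", "10.0.0.10", 1045, 524),
    build_packet(6, "10.0.0.99", "10.0.0.10", 40000, 524),
    build_packet(17, "10.0.0.99", "10.0.0.10", 40001, 524, options=b"\x01" * 4),
    build_packet(6, "10.0.0.99", "10.0.0.10", 40002, 80),
]

if __name__ == "__main__":
    for alert in filter(None, map(check_packet, SAMPLES)):
        print(alert)
```

A match here shows only that an unexpected host exchanged traffic on port 524; it does not inspect NCP payloads, so it cannot by itself confirm spoofing.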

anthall
Level 1

The current signature set does not include coverage for Novell NCP spoofing.
