03-05-2002 10:00 AM - edited 03-08-2019 09:58 PM
I'm reviewing a document that makes recomendations regarding Pandora (an attack tool for Novell). It notes "The introduction of an intrusion detection system (IDS) would also help to mitigate this vulnerability. An IDS would not only provide alerts when this type of attack is attempted, but would also aid in identifying the attacker." Does the CSIDS standard signature load include detection of Pandora NCP spoofing attempts?
03-05-2002 11:49 AM
My network engineer who has used Pandora (legally of course) stated that the utility uses TCP port 524 and UDP port 524. If you setup a custom sig, you should be able to monitor any activity.
I have comnfigured my IDS to monitor port 524.
03-05-2002 11:52 AM
The current signature set does not include coverage for Novell NCP spoofing.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: