I want to check my network intrusion detection system (physical intrusion, like unauthorized gadgets or devices on Wi-Fi/Ethernet). Until now everything is OK, but I was wondering: if I block every query to my server with iptables, will my server still detect the intrusion? Is there a way to test this, or is it just plainly ridiculous?
Clarification:
I use a server that keeps scanning the entire network (using pings and listening for packets using tcpdump), looking for any new device that connects to the network, and generates a report. What I'm trying to test is: if I configure a device to ignore the probes of the server, can it still be detected?
Extended explanation:
Actually, I scan the network both passively and actively: passively, by listening for weird packets from unauthorized devices, and actively, by pinging random addresses to find anyone that might be just listening. So, it is actually safe enough, right?
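
An added example, not part of the original post: a sketch of the passive half of the setup described above, showing that a device which never answers the ping sweep is still reported as soon as it transmits a frame (here an ARP request and a DNS query). The capture lines, MAC addresses and allowlist are constructed for illustration; a device that only listens and never transmits would not appear in this output.

```python
import re

# Constructed lines in the style of `tcpdump -e -n` output (not a real capture).
SAMPLE_CAPTURE = """\
12:00:01.000100 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.168.1.10 > 192.168.1.1: ICMP echo reply, id 7, seq 1, length 64
12:00:02.000200 02:00:00:00:00:66 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.66, length 28
12:00:03.000300 02:00:00:00:00:77 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.168.1.77 > 192.168.1.1: ICMP echo reply, id 7, seq 2, length 64
12:00:04.000400 02:00:00:00:00:66 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.66.51514 > 192.168.1.1.53: 4242+ A? example.com. (29)
"""

# Hypothetical allowlist of authorized MACs (the scanning server is ...:01).
AUTHORIZED = {"02:00:00:00:00:01", "02:00:00:00:00:10"}

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(rf"^\S+ (?P<src>{MAC}) > {MAC}, ethertype ", re.IGNORECASE)


def unauthorized_sources(capture, authorized):
    """Map each unauthorized source MAC to its frame count and ping behaviour."""
    seen = {}
    for line in capture.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # skip anything that is not a link-level frame line
        src = m.group("src").lower()
        if src in authorized:
            continue
        entry = seen.setdefault(src, {"frames": 0, "answers_ping": False})
        entry["frames"] += 1
        if "ICMP echo reply" in line:
            entry["answers_ping"] = True
    return seen


def silent_to_probes(capture, authorized):
    """Unauthorized MACs seen passively that never sent an echo reply."""
    found = unauthorized_sources(capture, authorized)
    return sorted(mac for mac, info in found.items() if not info["answers_ping"])


if __name__ == "__main__":
    for mac, info in unauthorized_sources(SAMPLE_CAPTURE, AUTHORIZED).items():
        print(mac, info)
    print("ignored the ping sweep:", silent_to_probes(SAMPLE_CAPTURE, AUTHORIZED))
```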