Penetration Testing mailing list archives
RE: IDS evasion && testing
From: ET LoWNOISE <et () cyberspace org>
Date: Mon, 8 Apr 2002 15:11:22 -0400 (EDT)
Some time ago I did a simple program to do NIDS evasion when pentesting a web server. Basically it is a proxy using extended anti-IDS tactics taken from whisker and other ones. If you want nice results just combine various tactics at the same time.

You can download it from here:

Mutatev2
http://www.dvc.es/osstmm/files/mutate2.tgz

If you are working with nBoF remote exploits try using ADMmutate.

bye

ET LoWNOISE
et () cyberspace org

On Mon, 8 Apr 2002, Bojan Zdrnja wrote:

I'd also recommend you to read RFP's very good paper: A look at whisker's anti-IDS tactics. You can find it on his site, http://www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html

Best regards,
Bojan Zdrnja

-----Original Message-----
From: ph00dy [mailto:ph00dy () covesoft net]
Sent: 5. travanj 2002 0:23
To: pen-test () securityfocus com
Subject: IDS evasion && testing

Hey *,

I am looking for good information on defeating/testing NIDS. I have tried some "alert overflowing", and sending some attacks/scans very slowly to see what the results are, but I imagine there is someone who has done more of this sort of testing that knows something I don't. Any experience, Ideas, papers etc.. would be helpful.

Thanks..
ph00dy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/