Penetration Testing mailing list archives
RE: Evading NIDS article posted on SecurityFocus
From: "xxradar" <xxradar () radarhack com>
Date: Sat, 3 Dec 2005 19:11:11 +0100
Using simple fragmentation, and certainly fragmentation combined with TCP segmentation, has been extremely useful and effective to evade IPS/IDS/sniffing systems that can decode SSL encrypted streams (typically by importing SSL private key). Most systems had some sort of shortcoming.

-----Original Message-----
From: Erin Carroll [mailto:amoeba () amoebazone com]
Sent: Saturday, December 03, 2005 5:41 PM
To: pen-test () securityfocus com
Subject: Evading NIDS article posted on SecurityFocus

The following Infocus:Pen-Test article was published on SecurityFocus yesterday and applies to all platforms:

Evading NIDS, revisited
Sumit Siddharth 2005-12-02
This article looks at some of the most popular IDS evasion attack techniques, based on fragmentation or the TTL field. Snort's configuration and response to these attacks will also be discussed.
http://www.securityfocus.com/infocus/1852

Have any of you used some of these techniques and if so how successful were they?

--
Erin Carroll
Moderator - SecurityFocus pen-test mailing list
"Do Not Taunt Happy-Fun Ball"

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.11/191 - Release Date: 12/2/2005

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------------