RE: IDS evasion && testing

From: ET LoWNOISE (et@cyberspace.org)
Date: Mon Apr 08 2002 - 15:11:22 EDT

• Next message: Martin Vine: "RE: IDS evasion && testing"
• Previous message: Hornat, Charles: "RE: IDS evasion && testing"
• In reply to: Bojan Zdrnja: "RE: IDS evasion && testing"
• Next in thread: Martin Vine: "RE: IDS evasion && testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Some time ago i did a simple program to do NIDS evasion when pentesting
a web server. Basically is a proxy using extended anti-IDS tactics
taken from whisker and other ones. If you want nice results just combine
 various tactics at the same time.

You can download it hfrom here:
Mutatev2
http://www.dvc.es/osstmm/files/mutate2.tgz

if y are working with nBoF remote exploits try using ADMmutate

bye

ET LoWNOISE
et@cyberspace.org

On Mon, 8 Apr 2002, Bojan Zdrnja wrote:

> I'd also recommend you to read RFP's very good paper: A look at whisker's
> anti-IDS tactics.
>
> You can find it on his site,
> http://www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
>
> Best regards,
>
> Bojan Zdrnja
>
> > -----Original Message-----
> > From: ph00dy [mailto:ph00dy@covesoft.net]
> > Sent: 5. travanj 2002 0:23
> > To: pen-test@securityfocus.com
> > Subject: IDS evasion && testing
> >
> >
> > Hey *,
> > I am looking for good information on defeating/testing NIDS. I have
> > tryed some "alert overflowing", and sending some
> > attacks/scans very slowly
> > to see what the results are, but I imagine there is someone
> > who has done
> > more of this sort of testing that knows something I don't.
> > Any experience,
> > Ideas, papers etc.. would be helpful.
> >
> >
> > Thanks..
> > ph00dy
> >
> >
> >
> >
> > --------------------------------------------------------------
> > --------------
> > This list is provided by the SecurityFocus Security
> > Intelligence Alert (SIA)
> > Service. For more information on SecurityFocus' SIA service which
> > automatically alerts you to the latest security
> > vulnerabilities please see:
> > https://alerts.securityfocus.com/
> >
> >
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Martin Vine: "RE: IDS evasion && testing"
• Previous message: Hornat, Charles: "RE: IDS evasion && testing"
• In reply to: Bojan Zdrnja: "RE: IDS evasion && testing"
• Next in thread: Martin Vine: "RE: IDS evasion && testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT