RE: Evading NIDS article posted on SecurityFocus

From: xxradar (xxradar@radarhack.com)
Date: Sat Dec 03 2005 - 13:11:11 EST


Using simple fragmentation, and certainly fragmentation combined with TCP
segmentation, has been extremely useful and effective to evade
IPS/IDS/sniffing systems that can decode SSL encrypted streams (typically by
importing the SSL private key). Most systems had some sort of shortcoming.

-----Original Message-----
From: Erin Carroll [mailto:amoeba@amoebazone.com]
Sent: Saturday, December 03, 2005 5:41 PM
To: pen-test@securityfocus.com
Subject: Evading NIDS article posted on SecurityFocus

The following Infocus:Pen-Test article was published on SecurityFocus
yesterday and applies to all platforms:

Evading NIDS, revisited
Sumit Siddharth
2005-12-02

This article looks at some of the most popular IDS evasion attack
techniques, based on fragmentation or the TTL field. Snort's configuration
and response to these attacks will also be discussed.

http://www.securityfocus.com/infocus/1852

Have any of you used some of these techniques, and if so, how successful were
they?

--
Erin Carroll
Moderator - SecurityFocus pen-test mailing list
"Do Not Taunt Happy-Fun Ball" 


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:13 EDT