Message-ID: <423FA655.4000102@gmail.com>
From: wireless.insecurity at gmail.com (Vladamir)
Subject: Does anyone know about TCP-Replay attacks?

SNORT and CSA
Kumar,Ratna wrote:
> There are many ways for IDS evasion.
>
> First of all, on what IDS system are you working?
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Vladamir
> Sent: Tuesday, March 22, 2005 10:25 AM
> To: ADT
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Does anyone know about TCP-Replay
> attacks?
>
>
> Actually, I was wondering about the process of a TCP replay attack. I am
> aware of the program "TCP replay"; I was hoping for information on IDS
> evasion techniques.
>
> Sorry for the vagueness
>
> ADT wrote:
>
>>Hey Vladamir,
>>
>>You're being a bit vague regarding your question. When people talk
>>about "tcp replay" attacks and testing an IDS they're usually asking
>>about one of two things:
>>
>>1) how to use tcpreplay to test an IDS's detection abilities
>>
>>or
>>
>>2) About breaking the tcp stream by injecting old/out of order/broken
>>packets to try to evade an IDS
>>
>>Perhaps you could give some context and better explain what you're
>>trying to do? Btw, if you want to learn about how to use tcpreplay,
>>there is extensive documentation on the tcpreplay website.
>>
>>-ADT
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>