Dailydave mailing list archives
RE: Dreaming of Summer
From: David Maynor <dave () 0dayspray com>
Date: Sun, 07 Dec 2003 11:31:37 -0500
Add a shim to the packet capture engine. Before the captured packet gets sent up the stack for traditional protocol decodes, you can check for conditions like the seq number matches a predefined set, and if it does you can read something like the window size and translate that into a part of a command. If a packet like this is captured it won't get flagged by the IDS because it never makes it to the IDS analysis phase. Command response is done by the same shim via packet injection. This would require some device driver foo. This would not work well if the IDS supplies its own network card driver.

On Sun, 2003-12-07 at 07:42, Halvar Flake wrote:
Owning scanning tools is lame. Owning IDS systems would be very cool. Of course all ISS updates are signed last I checked. The big problem with owning I(SS)DS is "how to talk back". Unless I find a way to remotely convert a tap to a real connection, owning them won't get you far.