IDS mailing list archives
RE: interesting paper on testing sig-based IDS
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Thu, 3 Mar 2005 08:48:34 -0500
Mick,

Have you thought about using fragroute/fragrouter for that??? They do a good job with TCP. It seems like that's what you are asking for when you talk about TCP in your email.

Kyle

-----Original Message-----
From: buineach [mailto:securesolutions () gmail com]
Sent: Tuesday, March 01, 2005 6:59 PM
To: Jonathon Giffin
Cc: Kohlenberg, Toby; focus-ids () lists securityfocus com; Shai Rubin
Subject: Re: interesting paper on testing sig-based IDS

Hi

I just joined this forum so apologies if this has been asked/answered before.

Is this tool available to the general public, as I do a lot of IPS testing and would like to verify further the fragmentation and TCP segment handling of these inline products?

I have been assuming that all current IPS products have mechanisms to deal with evasion techniques like this, but as the NSS testing results show, a lot of current IPS solutions are nothing more than the offline IDS they were before, with many signatures disabled, with 2 NICs.

A real concern I have with inline IPS that depend on a central CPU to deal with fragmentation and segmentation evasion is that an overload attack with this traffic will make the IPS the weakest link in the network.

I have ruled out many IPS vendors based on using ISIC through the IPS, but would like to have a more specific tool to deal with TCP segment shifting, with Metasploit framework for example, to see who fails here.

Any info appreciated.

Mick
Current thread:
- interesting paper on testing sig-based IDS Kohlenberg, Toby (Feb 28)
- Re: interesting paper on testing sig-based IDS Jonathon Giffin (Mar 01)
- Re: interesting paper on testing sig-based IDS buineach (Mar 02)
- Re: interesting paper on testing sig-based IDS Shai Rubin (Mar 02)
- Re: interesting paper on testing sig-based IDS buineach (Mar 02)
- Re: interesting paper on testing sig-based IDS Giovanni Vigna (Mar 02)
- Re: interesting paper on testing sig-based IDS Stefano Zanero (Mar 04)
- Re: interesting paper on testing sig-based IDS Richard Bejtlich (Mar 02)
- <Possible follow-ups>
- RE: interesting paper on testing sig-based IDS Kyle Quest (Mar 04)
- RE: interesting paper on testing sig-based IDS Jose Maria Lopez Hernandez (Mar 06)
- RE: interesting paper on testing sig-based IDS Kyle Quest (Mar 06)
- RE: interesting paper on testing sig-based IDS Brian Smith (Mar 06)
- RE: interesting paper on testing sig-based IDS Micheal Reynolds (Mar 06)
- Re: interesting paper on testing sig-based IDS Jonathon Giffin (Mar 01)