Security Incidents mailing list archives
Re: Stick DOS
From: David Brumley <dbrumley () RTFM STANFORD EDU>
Date: Fri, 9 Mar 2001 11:32:32 -0800
Stick will not be released anytime soon for the exception of IDS vendors. Snort causes a problem because releasing the code to snort is basically releasing the code openly. The posting I am responding to was the result of a FOUO that was sent out.
Uh, your tool sounds awefully close to my RID, which has a full configuration language for generating arbitrary packets (RID also listens for responses, though). More, RID also uses lex and yacc. Generating random packets to make an IDS puke doesn't seem all that interesting to me. It's akin to the old school trick of ringing your neighbors doorbell and running away. nmap, for example, has had the decoy option for a long time. It can be used similarily to make an IRT follow false paths. Am I missing the point here? cheers, -david -- #+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+# David Brumley - Stanford Computer Security - dbrumley at Stanford.EDU Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley Fax: +1-650-725-9121 PGP: finger dbrumley-pgp at sunset.Stanford.EDU #+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+# Life is a whim of several billion cells to be you for a while.
Current thread:
- Stick DOS Curley Mr Eric P (Mar 08)
- Re: Stick DOS Jose Nazario (Mar 08)
- <Possible follow-ups>
- Re: Stick DOS Cortez (Mar 09)
- Re: Stick DOS David Brumley (Mar 09)