Penetration Testing mailing list archives
Re: Port Scanning.
From: robert () dyadsecurity com
Date: Wed, 22 Dec 2004 12:47:12 -0800
On Wed, Dec 22, 2004, robert () dyadsecurity com wrote:
> The only thing that isn't currently easy to do is TCP full connection payload injection from spoofed IPs. We're working on a way to do that though :).
I know it's bad form to follow up on your own post... What I was talking about in the last email was a way to actually introduce the TCP 3-way handshake (connection) payload stimulus to the remote IP from a spoofed source. This is currently difficult on modern stacks.

However, many IPS/IDSs don't keep track of state, and you can actually get the PSH/ACK TCP payload to trigger many IPSs from spoofed sources now. By skipping the 3-way handshake, the remote IP will obviously not treat it as part of an established connection, but if IPS trigger DoS was your goal, who cares.

Robert

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
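The post above points out that a sensor which matches payload signatures without tracking connection state will alert on a PSH/ACK segment even when it never saw a handshake, which is what makes spoofed-source alert flooding possible. The following is an added example, not code from the thread or from Dyad Security: a small Python simulation that runs the same constructed packet trace through a stateless matcher and through one that only inspects payload on flows it has watched reach ESTABLISHED. The addresses, ports, signature string and trace are all constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TCP flag bits, same values as in the TCP header.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    payload: bytes = b""


# Hypothetical content signature that an IPS rule would look for in TCP payload.
SIGNATURE = b"EXAMPLE-ATTACK-PATTERN"

FlowKey = Tuple[str, int, str, int]  # (client, client_port, server, server_port)


def stateless_alerts(packets: List[Packet]) -> List[int]:
    """Stateless matcher: fires on any segment whose payload contains SIGNATURE,
    regardless of whether a connection was ever set up."""
    return [i for i, p in enumerate(packets) if SIGNATURE in p.payload]


class StatefulMatcher:
    """Tracks the 3-way handshake per flow and inspects payload only on flows
    it has seen reach ESTABLISHED. Segments for unknown flows are dropped
    from inspection instead of raising an alert."""

    def __init__(self) -> None:
        self.flows: Dict[FlowKey, str] = {}

    def _lookup(self, p: Packet) -> Tuple[Optional[FlowKey], Optional[str]]:
        # The sender may be either the client or the server of a tracked flow.
        forward: FlowKey = (p.src, p.sport, p.dst, p.dport)
        reverse: FlowKey = (p.dst, p.dport, p.src, p.sport)
        if forward in self.flows:
            return forward, "c2s"
        if reverse in self.flows:
            return reverse, "s2c"
        return None, None

    def process(self, packets: List[Packet]) -> List[int]:
        alerts: List[int] = []
        for i, p in enumerate(packets):
            key, direction = self._lookup(p)
            if p.flags & RST:
                if key is not None:
                    self.flows.pop(key, None)
                continue
            if p.flags & SYN and not p.flags & ACK:
                # Bare SYN: new connection attempt, sender is the client.
                self.flows[(p.src, p.sport, p.dst, p.dport)] = "SYN_SENT"
                continue
            if p.flags & SYN and p.flags & ACK:
                # SYN/ACK only advances a flow we already saw the SYN for.
                if key is not None and direction == "s2c" and self.flows[key] == "SYN_SENT":
                    self.flows[key] = "SYN_RECV"
                continue
            if key is None:
                # Mid-stream segment for a flow with no observed handshake: ignored.
                continue
            if self.flows[key] == "SYN_RECV" and direction == "c2s" and p.flags & ACK:
                self.flows[key] = "ESTABLISHED"
            # Check payload after the transition so data on the third ACK is covered.
            if self.flows[key] == "ESTABLISHED" and SIGNATURE in p.payload:
                alerts.append(i)
            if p.flags & FIN:
                self.flows.pop(key, None)
        return alerts


# Constructed trace: one real client session, then one segment from a source
# that never completed a handshake with the server.
TRACE: List[Packet] = [
    Packet("10.0.0.5", 40000, "192.0.2.10", 80, SYN),
    Packet("192.0.2.10", 80, "10.0.0.5", 40000, SYN | ACK),
    Packet("10.0.0.5", 40000, "192.0.2.10", 80, ACK),
    Packet("10.0.0.5", 40000, "192.0.2.10", 80, PSH | ACK, b"GET /" + SIGNATURE),
    Packet("203.0.113.77", 12345, "192.0.2.10", 80, PSH | ACK, b"GET /" + SIGNATURE),
    Packet("10.0.0.5", 40000, "192.0.2.10", 80, FIN | ACK),
]


def compare(packets: List[Packet] = TRACE) -> Dict[str, List[int]]:
    """Run both matchers over the same trace and return the alerting indices."""
    return {
        "stateless": stateless_alerts(packets),
        "stateful": StatefulMatcher().process(packets),
    }


if __name__ == "__main__":
    print(compare())  # stateless alerts on [3, 4]; stateful only on [3]
```

The stateless matcher raises an alert for segment 4 although the server would discard it as not belonging to any connection; the stateful matcher never inspects it, so a flood of such segments from spoofed sources produces no alerts at all. The same idea is why a sensor that mirrors the host's connection state is the usual mitigation for this class of alert flooding.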
Current thread:
- Port Scanning. Faisal Khan (Dec 13)
- Re: Port Scanning. robert (Dec 13)
- Message not available
- Re: Port Scanning. robert (Dec 22)
- Message not available
- Re: Port Scanning. robert (Dec 22)
- Re: Port Scanning. robert (Dec 22)
- Message not available
- Re: Port Scanning. robert (Dec 13)
- <Possible follow-ups>
- Re: Port Scanning. miguel . dilaj (Dec 13)
- Message not available
- Re: Port Scanning. Faisal Khan (Dec 13)
- Message not available
- RE: Port Scanning. rzaluski (Dec 14)
- Re: Port Scanning. Martin Mačok (Dec 15)