Penetration Testing mailing list archives
RE: AppScan and IDS evasion
From: Marco Ivaldi <raptor () mediaservice net>
Date: Mon, 30 Jun 2008 17:07:52 +0200 (ora solare Europa occidentale)
Hi pen-testers,
On Sun, 29 Jun 2008, admin () systemstates net wrote:
> If you need to establish a TCP session, it's pretty hard these days to spoof the source address - unless you own bits of the routing infrastructure between the spoofed endpoint and the target. As you say, you could use proxying to get round this.
For the record, last time I checked it was still possible to spoof the source IP address using some dial-up ISP which didn't bother to properly do their egress filtering -- at least here in Italy.
56Kbps are more than enough for tasks such as triggering an IPS "defense", bypassing filters on SNMP, exploiting weak TCP ISN generators, etc.
--
Marco Ivaldi, OPST
Red Team Coordinator
Data Security Division @ Mediaservice.net Srl
http://mediaservice.net/