Penetration Testing mailing list archives

RE: AppScan and IDS evasion


From: Marco Ivaldi <raptor () mediaservice net>
Date: Mon, 30 Jun 2008 17:07:52 +0200 (Western European standard time)

Hi pen-testers,

On Sun, 29 Jun 2008, admin () systemstates net wrote:

> If you need to establish a TCP session, it's pretty hard these days to
> spoof the source address - unless you own bits of the routing
> infrastructure between the spoofed endpoint and the target. As you say,
> you could use proxying to get round this.

For the record, last time I checked it was still possible to spoof the source IP address using some dial-up ISP which didn't bother to properly do their egress filtering -- at least here in Italy.

56Kbps are more than enough for tasks such as triggering an IPS "defense", bypassing filters on SNMP, exploiting weak TCP ISN generators, etc.

--
Marco Ivaldi, OPST
Red Team Coordinator      Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/
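The point above (a stateless UDP request only needs a forged source address, and only the ISP's egress filter stands in the way) as an added Python example that is not part of the original post or the list: it builds an SNMPv1 GetRequest for sysDescr.0 inside a hand-assembled IPv4/UDP datagram with a spoofed source, checks that the header checksums are valid, and then runs the datagram through the BCP 38 / RFC 2827 source-address check that an ISP doing egress filtering would apply at the customer edge. The dial-up pool prefix, the spoofed source and the target are constructed addresses from the RFC 5737 documentation ranges; the BER encoder is a minimal one written for this PDU, not a general SNMP library.

```python
"""Added example: spoofed SNMP-over-UDP datagram versus a BCP 38 egress check."""
import ipaddress
import struct

UDP_PROTO = 17
SNMP_PORT = 161

# Constructed values for the example (RFC 5737 documentation ranges).
DIALUP_POOL = ["198.51.100.0/24"]   # assumed prefix the ISP assigns to its dial-up customers
SPOOFED_SRC = "203.0.113.9"         # address the attacker wants the target to blame
HONEST_SRC = "198.51.100.77"        # address the dial-up customer actually holds
TARGET = "192.0.2.50"               # SNMP-speaking host behind a source-based filter


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by both IPv4 and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def snmp_v1_get(community: bytes, oid: tuple, request_id: int = 1) -> bytes:
    """Minimal BER encoding of an SNMPv1 GetRequest (short-form lengths only)."""
    def tlv(tag: int, body: bytes) -> bytes:
        assert len(body) < 128, "short-form length only"
        return bytes([tag, len(body)]) + body

    def ber_oid(arcs: tuple) -> bytes:
        out = [40 * arcs[0] + arcs[1]]          # first two arcs share one byte
        for arc in arcs[2:]:
            chunk = [arc & 0x7F]                # base-128, continuation bit on all but last
            arc >>= 7
            while arc:
                chunk.append(0x80 | (arc & 0x7F))
                arc >>= 7
            out.extend(reversed(chunk))
        return bytes(out)

    varbind = tlv(0x30, tlv(0x06, ber_oid(oid)) + tlv(0x05, b""))      # OID, NULL value
    pdu = tlv(0xA0,                                                    # GetRequest-PDU
              tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00")      # request-id, error-status
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))               # error-index, varbinds
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)  # version 0 = SNMPv1


def build_udp_datagram(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Raw IPv4 + UDP datagram with any source we like; nothing here checks the source."""
    src = ipaddress.IPv4Address(src_ip).packed
    dst = ipaddress.IPv4Address(dst_ip).packed
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, UDP_PROTO, udp_len)
    udp = udp[:6] + struct.pack("!H", inet_checksum(pseudo + udp) or 0xFFFF) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0, 64, UDP_PROTO, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp


def header_checksums_ok(dgram: bytes) -> bool:
    """A receiver would accept the datagram: both checksums verify to zero."""
    ihl = (dgram[0] & 0x0F) * 4
    if inet_checksum(dgram[:ihl]) != 0:
        return False
    udp = dgram[ihl:]
    pseudo = dgram[12:20] + struct.pack("!BBH", 0, dgram[9], len(udp))
    return inet_checksum(pseudo + udp) == 0


def source_address_valid(dgram: bytes, customer_prefixes) -> bool:
    """BCP 38 / RFC 2827 egress check: traffic leaving a customer link may only
    carry a source address inside the prefixes routed to that customer."""
    src = ipaddress.IPv4Address(dgram[12:16])
    return any(src in ipaddress.IPv4Network(p) for p in customer_prefixes)


def demo() -> dict:
    payload = snmp_v1_get(b"public", (1, 3, 6, 1, 2, 1, 1, 1, 0))      # sysDescr.0
    spoofed = build_udp_datagram(SPOOFED_SRC, TARGET, 40000, SNMP_PORT, payload)
    honest = build_udp_datagram(HONEST_SRC, TARGET, 40000, SNMP_PORT, payload)
    return {
        "spoofed_well_formed": header_checksums_ok(spoofed),   # the target would accept it
        "spoofed_passes_egress": source_address_valid(spoofed, DIALUP_POOL),
        "honest_passes_egress": source_address_valid(honest, DIALUP_POOL),
    }


if __name__ == "__main__":
    print(demo())
```

The block deliberately stops at the bytes: putting them on the wire takes a raw socket with IP_HDRINCL and root, and the reply (if any) goes to the spoofed address, which is exactly why a one-shot UDP request or a deliberately triggered IPS block works at dial-up speeds where a TCP session would not. The egress check is the one line an ISP needs to make the spoofed datagram fail before it leaves the access network.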



