Full Disclosure mailing list archives

Re: IDS Evasion


From: security snot <booger () unixclan net>
Date: Wed, 29 Oct 2003 16:04:48 -0800 (PST)

Simon,

The following graphic was acquired during a recent penetration test
against clients of mine who will remain unnamed, for obvious reasons.
However it helps illustrate the expertise of a certain crew of skilled
security consultants, who are obviously experts in all aspects of
intrusion detection - else they wouldn't fathom asking for such
outrageous amounts of money for the protection offered by their services.

I recommend you discuss the matter with d0tlash () snosoft com, one of the
leading researchers from our computer security community.  It's good to
know that you're interested in investigating the weaknesses of your
products before offering them to the public at large.

Incidentally I've had a chance to take a peek at their source code and I must
say, their products are very hacker friendly. ;>

Thanks, and have a super day.

- snot

"So you have a PhD - you probably have better things to do than to
associate with cyberterrorists like Ron Dufrense."

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Wed, 29 Oct 2003, simon wrote:

All,
      I am interested in learning about IDS evasion tricks and tools for both
host based IDS systems and network based IDS systems. Is there a place
where I can find a list that either gives technological details or tools
that I could study to learn more about this? I already have a very
detailed understanding of the evasion theories, but I want to put some
of them to the test on my own product(s).  Pointers, advice?


- --

Regards,
         -simon-


"When a shepherd goes to kill a wolf, and takes his dog along to see the
sport, he should take care to avoid mistakes.  The dog has certain
relationships to the wolf the shepherd may have forgotten."


- -------------------------------------------------------
Secure Network Operations Strategic Reconnaissance Team
http://www.secnetops.com || http://www.snosoft.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

