Full Disclosure mailing list archives
Re: IDS Evasion
From: security snot <booger () unixclan net>
Date: Wed, 29 Oct 2003 16:04:48 -0800 (PST)
Simon,

The following graphic was acquired during a recent penetration test against clients of mine who will remain unnamed, for obvious reasons. However it helps illustrate the expertise of a certain crew of skilled security consultants, who are obviously experts in all aspects of intrusion detection - else they wouldn't fathom asking for such outrageous amounts of money for the protection offered by their services.

I recommend you discuss the matter with d0tlash () snosoft com, one of the leading researchers from our computer security community.

It's good to know that you're interested in investigating the weaknesses of your products before offering them to the public at large. Incidentally I've had a chance to take a peek at their source code and I must say, their products are very hacker friendly. ;>

Thanks, and have a super day.

- snot

"So you have a PhD - you probably have better things to do than to associate with cyberterrorists like Ron Dufrense."

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Wed, 29 Oct 2003, simon wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> I am interested in learning about IDS evasion tricks and tools for both host based IDS systems and network based IDS systems. Is there a place where I can find a list that either gives technological details or tools that I could study to learn more about this? I already have a very detailed understanding of the evasion theories, but I want to put some of them to the test on my own product(s).
>
> Pointers, advice?
>
> - --
> Regards,
> -simon-
>
> "When a shepherd goes to kill a wolf, and takes his dog along to see the sport, he should take care to avoid mistakes. The dog has certain relationships to the wolf the shepherd may have forgotten."
>
> - -------------------------------------------------------
> Secure Network Operations Strategic Reconnaissance Team
> http://www.secnetops.com || http://www.snosoft.com
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/oDy/f3Elv1PhzXgRAq3FAKCtZOR9RgTT1CLcg34wfjV973UI4wCgzubm
> FpRxGZg8DSKHLwQHQqCunj0=
> =jHat
> -----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html