Full Disclosure mailing list archives

RE: Does anyone know about TCP-Replay attacks?


From: "Kumar,Ratna" <rakumar () ipolicynetworks com>
Date: Tue, 22 Mar 2005 10:28:08 +0530

There are many ways for IDS evasion.

First of all, what IDS system are you working on?

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of Vladamir
Sent: Tuesday, March 22, 2005 10:25 AM
To: ADT
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Does anyone know about TCP-Replay
attacks?


Actually, I was wondering about the process of a TCP replay attack. I am
aware of the program "TCP replay"; I was hoping for information on IDS
evasion techniques.

Sorry for the vagueness

ADT wrote:
Hey Vladamir,

You're being a bit vague regarding your question.  When people talk
about "tcp replay" attacks and testing an IDS they're usually asking
about one of two things:

1) how to use tcpreplay to test an IDS's detection abilities

or

2) About breaking the tcp stream by injecting old/out of order/broken
packets to try to evade an IDS

Perhaps you could give some context and better explain what you're
trying to do?  Btw, if you want to learn about how to use tcpreplay,
there is extensive documentation on the tcpreplay website.

-ADT

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

