Security Incidents mailing list archives

Re: Stick DOS


From: David Brumley <dbrumley () RTFM STANFORD EDU>
Date: Fri, 9 Mar 2001 11:32:32 -0800

Stick will not be released anytime soon, with the exception of IDS vendors.
Snort causes a problem because releasing the code to snort is basically
releasing the code openly.  The posting I am responding to was the result of
a FOUO that was sent out.

Uh, your tool sounds awfully close to my RID, which has a full
configuration language for generating arbitrary packets (RID also
listens for responses, though).  More, RID also uses lex and yacc.

Generating random packets to make an IDS puke doesn't seem all that
interesting to me.  It's akin to the old school trick of ringing your
neighbor's doorbell and running away.  nmap, for example, has had the
decoy option for a long time.  It can be used similarly to make an
IRT follow false paths.

Am I missing the point here?

cheers,
-david
--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security -   dbrumley at Stanford.EDU
Phone: +1-650-723-2445           WWW: http://www.stanford.edu/~dbrumley
Fax:   +1-650-725-9121  PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
Life is a whim of several billion cells to be you for a while.

