Penetration Testing mailing list archives
IDS/IPS Evasion Research Project
From: Joseph McCray <joe () learnsecurityonline com>
Date: Mon, 09 Oct 2006 06:31:03 -0400
I was talking with a buddy of mine on the subject of IDS evasion. We were going on and on about how none of the old techniques really work anymore (substitution/obfuscation/session splicing/fragmentation, blah blah blah). I was an IDS monkey in a former life - maybe I'm just a glutton for punishment.

There is a bunch of new stuff on the subject that really isn't all that well documented (AT LEAST NOT FOR FREE). Everybody charges for this kind of info these days - hey, who am I to complain - I charge for teaching hacking too, right?

So I figured why not start an IDS/IPS Evasion research project of my own. I figured I could give a shout out to you guys here on the pentest/ids lists to help me try out some different open source tools against a few I{D|P}Ss, maybe even write a few new tools too, and we can see for ourselves what lights up and what doesn't.

Now of course you know we'll start with Snort, as it is by far the most accessible and the easiest to find competent users.

Things I'm really interested in digging into:

1. Specifically which of the older IDS evasion techniques still work against modern I{D|P}Ss.
2. What types of tricks can we do with metasploit to evade I{D|P}Ss (and get it documented)
3. Solidifying and expanding Renaud Bidou's good work on the subject
4. Nail down Firewall/IDS testing specifics for packet crafting tools like:
   * hping
   * scapy
   * rubyforger
   * isic
   * nemesis
   * Paketto Keiretsu

If you are interested in working on this, send me an email. Won't be able to start for a week or two, but I can start getting the attack host and some targets ready during that time. We'll all figure out how we want to build/configure the test network.

--
Joe McCray
Toll Free: 1-866-892-2132
Email: joe () learnsecurityonline com
Web: https://www.learnsecurityonline.com

Learn Security Online, Inc.
* Security Games
* Simulators
* Challenge Servers
* Courses
* Hacking Competitions
* Hacklab Access