Re: IDS evasion && testing

From: Marco de Vivo [UCV] (mdevivo@reacciun.ve)
Date: Sat Apr 06 2002 - 14:59:36 EST


Hi ph00dy,

Try this excellent paper:

'Insertion, Evasion, and Denial of Service: Eluding Network Intrusion
Detection'
by

Thomas H. Ptacek
tqbf@securenetworks.com

Timothy N. Newsham
newsham@securenetworks.com

Secure Networks, Inc.
January, 1998

Paper's URL:

http://www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html

Marco

//////////////////////////////////////////////////////////////////

At 5:22 pm -0500 4/4/02, you wrote:
->Hey *,
-> I am looking for good information on defeating/testing NIDS. I have
->tryed some "alert overflowing", and sending some attacks/scans very slowly
->to see what the results are, but I imagine there is someone who has done
->more of this sort of testing that knows something I don't. Any experience,
->Ideas, papers etc.. would be helpful.
->
->
->Thanks..
-> ph00dy
->
->
->
->
->----------------------------------------------------------------------------
->This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
->Service. For more information on SecurityFocus' SIA service which
->automatically alerts you to the latest security vulnerabilities please see:
->https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:20 EDT