[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Does anyone know about TCP-Replay attacks?
- To: "Vladamir" <wireless.insecurity@xxxxxxxxx>, "ADT" <synfinatic@xxxxxxxxx>
- Subject: RE: [Full-disclosure] Does anyone know about TCP-Replay attacks?
- From: "Kumar,Ratna" <rakumar@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Mar 2005 10:28:08 +0530
there are many ways for ids evasion.
first of all,on what IDS system you are work????ing
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx]On Behalf Of Vladamir
Sent: Tuesday, March 22, 2005 10:25 AM
To: ADT
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Does anyone know about TCP-Replay
attacks?
Actually I was wondering about the process of a TCP replay attack, I am
aware of the program "TCP replay" I was hoping for information on IDS
evasion techniques.
Sorry for the vagueness
ADT wrote:
> Hey Vladamir,
>
> You're being a bit vague regarding your question. When people talk
> about "tcp replay" attacks and testing an IDS they're usually asking
> about one of two things:
>
> 1) how to use tcpreplay to test an IDS's detection abilities
>
> or
>
> 2) About breaking the tcp stream by injecting old/out of order/broken
> packets to try to evade an IDS
>
> Perhaps you could give some context and better explain what you're
> trying to do? Btw, if you want to learn about how to use tcpreplay,
> there is extensive documentation on the tcpreplay website.
>
> -ADT
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/