[prev in list] [next in list] [prev in thread] [next in thread]
List: pen-test
Subject: Re: Port Scanning.
From: robert () dyadsecurity ! com
Date: 2004-12-22 20:47:12
Message-ID: 20041222204712.GA12782 () 5002 ! rapturesecurity ! org
[Download RAW message or body]
robert@dyadsecurity.com(robert@dyadsecurity.com)@Wed, Dec 22, 2004 at
> The only thing that isn't currently easy to do is TCP full connection
> payload injection from spoofed IP's. We're working on a way to do
> that though :).
I know it's bad form to follow up on your own post... What I was
talking about in the last email was a way to actually introduce the TCP
3-way handshake (connection) payload stimulous to the remote IP from a
spoofed source. This is currently difficult on modern stacks.
However, many IPS/IDS's don't keep track of state, and you can actually
get the PSH/ACK TCP payload to trigger many IPS's from spoofed sources
now. By skipping the 3-way-handshake, the remote IP will obviously not
treat it as part of an established connection, but if IPS trigger DoS
was your goal, who cares.
Robert
--
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert@dyadsecurity.com
M - (949) 394-2033
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic