Re: [Full-disclosure] Does anyone know about TCP-Replay attacks?

From: Vladamir (wireless.insecurity_at_gmail.com)
Date: 03/22/05

  • Next message: Kumar,Ratna: "RE: [Full-disclosure] Does anyone know about TCP-Replay attacks?"
    Date: Mon, 21 Mar 2005 23:54:31 -0500
    To: ADT <synfinatic@gmail.com>
    
    

    Actually I was wondering about the process of a TCP replay attack, I am
    aware of the program "TCP replay" I was hoping for information on IDS
    evasion techniques.

    Sorry for the vagueness

    ADT wrote:
    > Hey Vladamir,
    >
    > You're being a bit vague regarding your question. When people talk
    > about "tcp replay" attacks and testing an IDS they're usually asking
    > about one of two things:
    >
    > 1) how to use tcpreplay to test an IDS's detection abilities
    >
    > or
    >
    > 2) About breaking the tcp stream by injecting old/out of order/broken
    > packets to try to evade an IDS
    >
    > Perhaps you could give some context and better explain what you're
    > trying to do? Btw, if you want to learn about how to use tcpreplay,
    > there is extensive documentation on the tcpreplay website.
    >
    > -ADT
    >
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: Kumar,Ratna: "RE: [Full-disclosure] Does anyone know about TCP-Replay attacks?"

    Relevant Pages

    • Re: [Full-disclosure] Does anyone know about TCP-Replay attacks?
      ... about "tcp replay" attacks and testing an IDS they're usually asking ... packets to try to evade an IDS ... Btw, if you want to learn about how to use tcpreplay, ...
      (Full-Disclosure)
    • Re: Testing IDS with tcpreplay
      ... why is that harder to accomplish with Metasploit than with tcpreplay? ... If you are testing you IDS you'd like to know that it accurately detects ... Also what about attacks that Metasploit ...
      (Focus-IDS)
    • Re: TippingPoint Releases Open Source Code for FirstIntrusionPrev ention Test Tool, Tomahawk
      ... I didn't mean to imply that tcpreplay was not useful, ... some pcaps in front of a device and seeing what it reports. ... > testing of IDS or IPS. ... > Find out quickly and easily by testing it with real-world attacks from ...
      (Focus-IDS)
    • Re: Test scripts for NIDS
      ... If you're using tcpreplay for performance testing, ... >> packets and they are being dropped? ... > the IDS catches everything. ... > increasing speeds until the IDS output changes (usually by failing to detect ...
      (Pen-Test)
    • Re: Testing IDS with tcpreplay
      ... IDS works if you use real attacks with real obfuscation techniques. ... Metasploit is a great tool for this. ... why is that harder to accomplish with Metasploit than with tcpreplay? ...
      (Focus-IDS)