Re: Core Impact references

From: ADT (synfinatic_at_gmail.com)
Date: 11/11/05

  • Next message: Ivan Arce: "Re: Core Impact references"
    Date: Fri, 11 Nov 2005 11:27:56 -0800
    To: pen-test <pen-test@securityfocus.com>
    
    

    If you're going to go through the effort of capturing/replaying
    traffic, you could also use tcpreplay. While it doesn't have a pretty
    gui, it offers basically the same functionality for free.

    Honestly though, if you want to actually use CI against a set of
    hosts, then neither tcpreplay or Traffic IQ would seem to be up to the
    task since they're stateless and unable to establish TCP sessions to a
    target (both are designed to test inline firewalls/IPS or passive
    devices like IDS). Flowreplay (part of tcpreplay 3.x) is supposed to
    fill that gap, but is still alpha quality at best right now.

    On 11/10/05, Tony Haywood <thaywood@karalon.com> wrote:
    > Jason,
    >
    > Traffic IQ Pro has the ability to set a delay on a per packet or per traffic
    > file basis by up to 1 hour in minute, second and millisecond increments.
    >
    > If you are already using Core Impact but it is not providing this capability
    > then you could capture the output and import the captures into Traffic IQ
    > for replay.

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------


  • Next message: Ivan Arce: "Re: Core Impact references"

    Relevant Pages

    • Re: Testing IDS with tcpreplay
      ... why is that harder to accomplish with Metasploit than with tcpreplay? ... Also what about attacks that Metasploit ... What is the different between "real exploit runs" vs. "replaying ...
      (Focus-IDS)
    • RE: Testing IDS with tcpreplay
      ... Verify that the exploit can compromise a host ... tcpreplay can be used, but it has some serious limitations. ... attacks get stopped the way they should. ... IDS works if you use real attacks with real obfuscation techniques. ...
      (Focus-IDS)
    • RE: Testing IDS with tcpreplay
      ... protocol based attacks have to be tested. ... I would say tcpreplay along with real time exploits/tools is the best ... a library of pcaps. ...
      (Focus-IDS)
    • Re: IDS Informer
      ... >>tcpreplay to record and replay the attacks onto a static wire later on, ... Tcpreplay does not replay traffic through a switch. ... They that can give up essential liberty to obtain a little temporary safety ...
      (Focus-IDS)