Network Intrusion Generater

From: Rick Zhong (isc00801@nus.edu.sg)
Date: 08/12/02

• Previous message: Peter V.E.: "Re: Lotus Notes - Is this a bad thing?"
• In reply to: Sean Knox: "Re: How Strong is PPTP connection over the internet..."
• Next in thread: Security Leo: "Re: Network Intrusion Generater"
• Reply: Security Leo: "Re: Network Intrusion Generater"
• Reply: Blake R. Swopes: "RE: Network Intrusion Generater"
• Reply: special_k: "RE: Network Intrusion Generater"
• Reply: Tom Stowell: "Re: Network Intrusion Generater"
• Reply: Shripal Meghani: "RE: Network Intrusion Generater"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Rick Zhong" <isc00801@nus.edu.sg>
To: <security-basics@securityfocus.com>, <honeypots@securityfocus.com>, <slugnet@lists.lugs.org.sg>
Date: Mon, 12 Aug 2002 18:54:25 +0800

hi, everyone
I have this idea in mind for qutie sometime but i am not sure whether it is
feasible technically.

I am thinking of building a virtual network intrusion generater. The reason
i call it virtual is that it does not attack any real target. What it did is
attack a non-existant IP/Host and generate all the necesary packets.
Meanwhile the local IDS will block all these packets and capture them for
studying and analyizing.

Up to now, i find that it's quite impossible to generate packets against a
non-existing IP/Host. (i am not very sure yet hope to get your comment .)

So the alternative way i am thinking is using real target IP and
block/capture the outgoing packets before they are released to the network.
Please comment and give any advice or suggestions you are thinking of. Also
any related info (like blocking outgoing packets etc.) are greatly
appreciated. Thank you.

regards,
Rick

---

• Previous message: Peter V.E.: "Re: Lotus Notes - Is this a bad thing?"
• In reply to: Sean Knox: "Re: How Strong is PPTP connection over the internet..."
• Next in thread: Security Leo: "Re: Network Intrusion Generater"
• Reply: Security Leo: "Re: Network Intrusion Generater"
• Reply: Blake R. Swopes: "RE: Network Intrusion Generater"
• Reply: special_k: "RE: Network Intrusion Generater"
• Reply: Tom Stowell: "Re: Network Intrusion Generater"
• Reply: Shripal Meghani: "RE: Network Intrusion Generater"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Network Intrusion Generater ... Rick Zhong wrote: ... >attack a non-existant IP/Host and generate all the necesary packets. ... >block/capture the outgoing packets before they are released to the network. ... (Security-Basics) Re: Network Intrusion Generater ... i call it virtual is that it does not attack any real target. ... attack a non-existant IP/Host and generate all the necesary packets. ... Meanwhile the local IDS will block all these packets and capture them ... block/capture the outgoing packets before they are released to the ... (Security-Basics) Virtula miniport driver(NDIS) ... I have written a virtual network driver.I ... want to pass the packets that i receive in miniportsend of virtual network ... driver to a network driver so that it can reach the destination. ... (microsoft.public.development.device.drivers) Re: Networks and wireless etc ... > source address indicated in outgoing packets on that socket, ... > be the destination address on incoming packets for that socket. ... The SYN packet and the rest of outgoing traffic goes from A2. ... (microsoft.public.win32.programmer.networks) iptables rules on UID owner ... logs outgoing packets according to owner. ... 75 3479 RETURN all any eth0 anywhere anywhere OWNERUID match root ... Is this a good idea to only allow outgoing packets belonging to ... (comp.os.linux.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2002-08