RE: Network Intrusion Generater

From: Shripal Meghani (meghani@nsecure.net)
Date: 08/13/02


From: "Shripal Meghani" <meghani@nsecure.net>
To: <security-basics@securityfocus.com>
Date: Tue, 13 Aug 2002 11:00:22 +0530


| hi, everyone
| I have had this idea in mind for quite some time but I am not sure
| whether it is feasible technically.
|
| I am thinking of building a virtual network intrusion generator.
| The reason I call it virtual is that it does not attack any real target.
| What it does is attack a non-existent IP/Host and generate all the
| necessary packets. Meanwhile the local IDS will block all these packets
| and capture them for studying and analyzing.

[shrip] I am not sure what you are trying to achieve by doing this,
but you can generate packets and inject them into the network by using some
of the available libraries. You can obviously generate packets with fake IP
addresses; it does not matter whether they exist or not. There is the risk
that they may be dropped somewhere along the way.
Now, the question is: if you are generating the packets, then why do
you want your IDS to capture them for analysis?
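
As an added illustration (not part of the original message or the poster's code): the "virtual" traffic discussed above can be produced without touching the wire by building the packets by hand and saving them as a pcap file that an IDS able to read capture files can process offline, which also sidesteps the risk of packets being dropped along the way. The addresses, ports and function names are constructed for this example; the addresses come from the RFC 5737 documentation ranges.

```python
import struct

def inet_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_bytes(addr):
    return bytes(int(part) for part in addr.split("."))

def build_syn(src, dst, sport, dport):
    """Return an IPv4 packet carrying one TCP SYN, both checksums valid."""
    s, d = ip_bytes(src), ip_bytes(dst)
    # TCP: ports, seq=1, ack=0, data offset 5 words, SYN flag, window, csum=0, urg=0
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    # IPv4: version 4 / IHL 5, total length, id, no fragmentation, TTL 64, proto 6
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp

def to_pcap(packets):
    """Serialize packets as a classic pcap file, link type 101 (raw IP)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for i, pkt in enumerate(packets):
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out

def synthetic_scan():
    """Constructed sample: one source probing five ports on an unused address."""
    src, dst = "198.51.100.7", "192.0.2.10"   # RFC 5737 documentation ranges
    return [build_syn(src, dst, 40000 + n, port)
            for n, port in enumerate((21, 22, 23, 80, 443))]

if __name__ == "__main__":
    with open("synthetic_scan.pcap", "wb") as f:
        f.write(to_pcap(synthetic_scan()))
```

Because the trace is generated, the expected alerts are known in advance, so the file can serve as a repeatable regression input when sensor rules change.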


