Re: stateful attacks for hostbased NIDS
From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: Thu, 22 May 2003 23:07:59 -0400
In article <b5bza.11437$AS6.firstname.lastname@example.org>, email@example.com
> I got to implement NIDS functionality into the lwIP TCP/IP stack for a
> host based system.
> Therefore I would need some well known attacks that can be matched by a
> stateful inspection (e.g. SYN flooding). The name of the attack would be
> sufficient to get more information from Google.
> Thanks for help!
>  www.sics.se/~adam/lwip/
> Franz Bacher
> Student of Telecommunication & Computer Science
> @ Graz University of Technology
> e-Mail: firstname.lastname@example.org
Nessus and SATAN are a couple of examples of scanners that test for
exploits that will simulate different attack scenarios.
I believe Nmap should set off several alerts, depending on the switches
used. NT users may be a bit more inclined to use the GUI version (blech).
--
Colonel Flagg
http://www.internetwarzone.org/
Privacy at a click: http://www.cotse.net
Wanna ask a question in Usenet? http://www.tuxedo.org/~esr/faqs/smart-questions.html
Everything about Usenet answered: http://www.internetwarzone.org/answers.html
America WILL NOT forget 9-11-01