Re: stateful attacks for hostbased NIDS

From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: 05/23/03


Date: Thu, 22 May 2003 23:07:59 -0400

In article <b5bza.11437$AS6.153739@news.chello.at>, franz.bacher@a1.net
says...
> Hi!
>
> I got to implement NIDS functionality into the lwip [1] tcp/ip stack for a
> host based system.
> Therefore I would need some well known attacks that can be matched by a
> stateful inspection (e.g. syn flooding). The name of the attack would be
> sufficient to get more information from google.
>
> Thanks for help!
>
> [1] www.sics.se/~adam/lwip/
>
> --
> Franz Bacher
> Student of Telecommunication & Computer Science
> @ Graz University of Technology
> e-Mail: franz.bacher@a1.net
>

Nessus and SATAN are a couple of examples of scanners that test for
exploits that will simulate different attack scenarios.

I believe nmap should set off several alerts, depending on the switches
used. NT users may be a bit more inclined to use the GUI version (blech)
;p

-- 
Colonel Flagg
http://www.internetwarzone.org/
Privacy at a click:
http://www.cotse.net 
Wanna ask a question in Usenet?
http://www.tuxedo.org/~esr/faqs/smart-questions.html
Everything about Usenet answered:
http://www.internetwarzone.org/answers.html
America WILL NOT forget 9-11-01