Re: stateful attacks for hostbased NIDS

From: Colonel Flagg (
Date: 05/23/03

Date: Thu, 22 May 2003 23:07:59 -0400

In article <b5bza.11437$>,
> Hi!
> I got to implement NIDS functionality into the lwip [1] tcp/ip stack for a
> host based system.
> Therefore i would need some well known attacks that can be matched by a
> statefull inspection (e.g. syn flooding). The name of the attack would be
> sufficient to get more information from google.
> Thanks for help!
> [1]
> --
> Franz Bacher
> Student of Telecommunication & Computer Science
> @ Graz University of Technology
> e-Mail:

nessus and satan are a couple examples of scanners that test for
exploits that will simulate different attack scenarios.

I believe nmap should set off several alerts, depending on the switches
used. nt users may be a bit more inclined to use the gui version (blech)

Colonel Flagg
Privacy at a click: 
Wanna ask a question in Usenet?
Everything about Usenet answered:
America WILL NOT forget 9-11-01