Network Security: Detailed info on Re: Port Scanning.

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Re: Port Scanning.

from [robert] Network Security

[Permanent Link]

Subject:	Re: Port Scanning.
Date:	Wed, 22 Dec 2004 12:47:12 -0800

robert@dyadsecurity.com(robert@dyadsecurity.com)@Wed, Dec 22, 2004 at

The only thing that isn't currently easy to do is TCP full connection
payload injection from spoofed IP's.  We're working on a way to do
that though :).


I know it's bad form to follow up on your own post...  What I was
talking about in the last email was a way to actually introduce the TCP
3-way handshake (connection) payload stimulous to the remote IP from a
spoofed source.  This is currently difficult on modern stacks.

However, many IPS/IDS's don't keep track of state, and you can actually
get the PSH/ACK TCP payload to trigger many IPS's from spoofed sources
now. By skipping the 3-way-handshake, the remote IP will obviously not
treat it as part of an established connection, but if IPS trigger DoS
was your goal, who cares.

Robert

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert@dyadsecurity.com
M - (949) 394-2033

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Port Scanning., Faisal Khan Re: Port Scanning., robert Message not available Re: Port Scanning., robert Message not available Re: Port Scanning., robert Re: Port Scanning., robert <= Re: Port Scanning., Delron Troy Re: Port Scanning., Jeffrey Denton Re: Port Scanning., miguel . dilaj Message not available Re: Port Scanning., Faisal Khan RE: Port Scanning., Piskovatskov, Alexey RE: Port Scanning., rzaluski Re: Port Scanning., Martin Mačok RE: Port Scanning., miguel . dilaj RE: Port Scanning., Faisal Khan Re: Port Scanning., infosecgod

Previous by Date:	RE: VPN protocols, Keith Pachulski
Next by Date:	RE: [in] VPN protocols, Curt Purdy
Previous by Thread:	Re: Port Scanning., robert
Next by Thread:	Re: Port Scanning., Delron Troy
Indexes:	[Date] [Thread] [Top] [All Lists]