Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Stick DOS
From: David Brumley <dbrumley () RTFM STANFORD EDU>
Date: Fri, 9 Mar 2001 11:32:32 -0800
Stick will not be released anytime soon for the exception of IDS vendors.
Snort causes a problem because releasing the code to snort is basically
releasing the code openly.  The posting I am responding to was the result of
a FOUO that was sent out.


Uh, your tool sounds awefully close to my RID, which has a  full
configuration language for generating arbitrary packets (RID also
listens for responses, though).  More, RID also uses lex and yacc.

Generating random packets to make an IDS puke doesn't seem all that
interesting to me.  It's akin to the old school trick of ringing your
neighbors doorbell and running away.  nmap, for example, has had the
decoy option for a long time.  It can be used similarily to make an
IRT follow false paths.

Am I missing the point here?

cheers,
-david
--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security -   dbrumley at Stanford.EDU
Phone: +1-650-723-2445           WWW: http://www.stanford.edu/~dbrumley
Fax:   +1-650-725-9121  PGP: finger dbrumley-pgp at sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
Life is a whim of several billion cells to be you for a while.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]