Home page logo

pen-test logo Penetration Testing mailing list archives

RE: AppScan and IDS evasion
From: Marco Ivaldi <raptor () mediaservice net>
Date: Mon, 30 Jun 2008 17:07:52 +0200 (ora solare Europa occidentale)

Hi pen-testers,

On Sun, 29 Jun 2008, admin () systemstates net wrote:

If you need to establish a TCP session, it's pretty hard these days to
spoof the source address - unless you own bits of the routing
infrastructure between the spoofed endpoint and the target. As you say,
you could use proxying to get round this.

For the record, last time I checked it was still possible to spoof the source IP address using some dial-up ISP which didn't bother to properly do their egress filtering -- at least here in Italy.

56Kbps are more than enough for tasks such as triggering an IPS "defense", bypassing filters on SNMP, exploiting weak TCP ISN generators, etc.

Marco Ivaldi, OPST
Red Team Coordinator      Data Security Division
@ Mediaservice.net Srl    http://mediaservice.net/

This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]