mmclaughlinSILVERBACKTECH.COM

• Next message: Teicher, Mark: "Re: network based IDS"
• Previous message: Robert Graham: "sidestep (was RE: Fooling NIDS)"
• In reply to: Robert Graham: "sidestep (was RE: Fooling NIDS)"
• Next in thread: Patrick Mueller: "Re: sidestep (was RE: Fooling NIDS)"
• Next in thread: Jon Gary: "Re: Fooling NIDS"
• Reply: Mark McLaughlin: "Re: sidestep (was RE: Fooling NIDS)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Hello,

Tuesday, December 05, 2000, 10:47:01 PM, you wrote:

RG> BTW, I've been working on an IDS evasion program for awhile. It is
RG> (temporarily) at:
RG> http://www.robertgraham.com/tmp/sidestep.html

In your description of sidestep.exe you mention that you "know only two network
IDSs that correctly resolve overlapping TCP or IP fragments on a
per-host basis."

I would imagine that Black Ice is one, what is the other?

- -Mark

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAOi7/yMnEFVVI7KKjAQE1wQf+KCyvvmPM3CYv2uDpyXP7AY2PJVjuGPV3
GbuhsTcHEafXvtVgcNkIYslUARwcSzabg7Hv4E+7wCoWd/20AVkmPK/8xguaHgiK
czq+R6tG6PK0tWc4AwpmneOxK2nOZayZ2/OIJA1gOZAT8EfFusURdiDsAbUpTxkX
kgu5wTv1Jy7MimZGn0YeXbW+UQXmZxVo5yDegzVkb9uVu/j+ubL0K9r6qez8j9XL
/APvGMmpCbIBw7LD/vRppsizyhdIe89oHraljV3GQAj+62P3vXxB2TzCg3WGngig
ImVjrk/+CKGYPe8XqTuHYTC24kBaQJlAV763N3dP93kHjH5mPb15NQ==
=m4aP
-----END PGP SIGNATURE-----

• Next message: Teicher, Mark: "Re: network based IDS"
• Previous message: Robert Graham: "sidestep (was RE: Fooling NIDS)"
• In reply to: Robert Graham: "sidestep (was RE: Fooling NIDS)"
• Next in thread: Patrick Mueller: "Re: sidestep (was RE: Fooling NIDS)"
• Next in thread: Jon Gary: "Re: Fooling NIDS"
• Reply: Mark McLaughlin: "Re: sidestep (was RE: Fooling NIDS)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]