Subject: Re: sidestep (was RE: Fooling NIDS)
From: Patrick Mueller (pmuellerNEOHAPSIS.COM)
Date: Thu Dec 07 2000 - 10:31:50 CST


So, you mention (on the web page) that sidestep has nothing to do with
IP/TCP fragmentation. The obvious question is, what does it do?? I also see
that you're going to be writing a report in January, but in the meantime,
could you give us an idea? Thanks..

        -- Patrick

On Tue, 5 Dec 2000, Robert Graham wrote:

> BTW, I've been working on an IDS evasion program for a while. It is
> (temporarily) at:
> http://www.robertgraham.com/tmp/sidestep.html
>
> It does many non-fragrouter IDS evasion techniques. I think most evade
> Snort, but I haven't had a chance to test them out yet. Anyway, I plan on
> writing a more formal paper in January; I was hoping people could run it
> against their favorite NIDS and tell me how it worked. I think most can now
> handle the HTTP evasion technique, and I know ISS can handle the SNMP
> evasion technique, but I'd like to hear more about other NIDS.
>
> Robert Graham
> CTO/Network ICE
>
> PS: in case you were wondering, it doesn't evade BlackICE Sentry :-), but
> that should go without saying.