"Pierce, John (ISSAtlanta)" wrote:
> There is one other thing that I would like to point out- this tool
> is not effective as IDS evasion. Stick is a very loud flooder and therefore
> not useful in evasion. Any security admin worth his/her salt will know that
> something is up as soon as they see you banging on the door. This is akin
> to setting a house on fire to distract someone while you break in. The real
> danger in this tool is that, just like any other flooder, it can be used to
> cause a DOS on the target network. This is why bandwidth becomes a
> consideration.
I think, as has already pointed out, that the effect of this tool is not on
the sensor, it is on the operator, the person that has to read and react.
If the operator gets too many alarms, then the purpose is achieved.

Hervé

--
Hervé Debar                        <mailto:herve.debarfrancetelecom.com>
Tel: +33 (0)2 31 75 92 61                       Fax: +33 (0)2 31 75 93 13
France Télécom R&D / 42 rue des Coutures / BP 6243 / F-14066 Caen Cedex 4

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]