Bypassing Network Security: Evading IDSs, Honeypots, and Firewalls
IDS vs IPS
- Use packet sniffers
- Host-based vs network-based
- Signature-based vs anomaly-based

Bypassing an IDS
- Change the traffic (e.g. HTTP instead of ICMP)
- Session splicing
- Inserting extra data
- Obfuscating addresses
- Use encryption
- Session hijacking

ADMutate
- Rewrites a script

Snort
- Real-time packet sniffer
- HIDS traffic-logging tool
- Both Linux and Windows

Firewalls: hardware vs software

Honeypots
- Specter, KFSensor, Nessus

Bypassing honeypots
- Reverse WWW shell: compromise an internal system that connects via port 80 to the hacker's system
- Use anti-honeypot software to warn of honeypot systems
Honeypot Study Guide: ts/study.php