null Pune meet - Understanding TCP/IP and Network Intrusion
- 14. Idle Scan [diagram: Host, Zombie, Target]. Labels: Probe packet; (SYN); IPID = 43210; SYN/ACK; SrcIP = Zombie/Port = 80 (SYN); SYN/ACK; RST, IPID = 43211; IPID = 43212; SYN/ACK; Idle scan completes.
- 15. Exploiting Exchange [diagram: Host, IPS/IDS, Exchange Server; MS05-043]. Labels: "XEXCH50 -1 2"; IPS/IDS rule: IF "XEXCH50 -1 2" DROP; Exploit Blocked.
- 16. Evasion Techniques: IP Fragmentation [diagram: Host, IPS/IDS, Exchange Server; MS05-043]. Labels: "XEXCH50", TTL = 10; "XEXCH50", TTL = 9; "-1 2", TTL = 10; "-1 2", TTL = 9; IPS/IDS rule: IF "XEXCH50 -1 2" DROP.
- 17. Evasion Techniques: Traffic Insertion [diagram: Host, IPS/IDS, Exchange Server; MS05-043]. Labels: "XEXCH50", TTL = 10; "XEXCH50", TTL = 9; "JUNK", TTL = 1; TTL Expired; "-1 2", TTL = 10; "-1 2", TTL = 9; Resultant String "XEXCH50 JUNK -1 2"; IPS/IDS rule: IF "XEXCH50 -1 2" DROP.