stealth network analysis techniques

Discussion in 'Computer Security' started by dfox138, Jan 11, 2006.

  1. dfox138

    dfox138 Guest

    I read at www.taosecurity.com that it could offer a course on Network
    Stealth techniques. These techniques allow assessors or analysts to
    bypass IDS, IPS, firewall, and other security measures.

    Any info or pointers on these techniques are appreciated.

    Thanks,

    DF
     
    dfox138, Jan 11, 2006
    #1

  2. Donnie

    Donnie Guest

    I looked at the page that describes the training and it really didn't look
    like a HOWTO on bypassing firewalls and detection systems. It seemed to be
    offering defensive and forensic techniques instead.
    http://www.honeynet.org/challenge/
    Take a look at that site for forensic info and try your hand at their
    monthly challenge. A unix box is really needed for that.
    www.phrack.org
    Phrack has plenty of info on buffer overflows and other hacking techniques
    that are more up to date than most of the hacking texts on the net. As
    detection systems and firewalls get better along w/ networks being NATed,
    more programming knowledge is needed to write programs that will do function
    calls to the software behind the firewall.
    Have fun,
    donnie.
     
    Donnie, Jan 11, 2006
    #2

  3. Winged

    Winged Guest

    Hrrrmm, be a good trick. Be interested to see how this could be
    accomplished without detection.

    Winged
     
    Winged, Jan 12, 2006
    #3
  4. TwistyCreek

    TwistyCreek Guest

    Ok, that was probably one of the dumbest things I've seen posted to Usenet
    in a while. Sorta like saying you'd like to see someone make a sandwich
    using bread.

    Bypassing security MEANS you're not detected. If you're accomplishing it,
    you're not being detected. If you're detected, you're not accomplishing it.
     
    TwistyCreek, Jan 12, 2006
    #4
  5. Winged

    Winged Guest

    Our assessors, or those testing our network security, would always alert
    those with the IDS etc. of their activity. Then we would ignore their
    activities.

    While I am aware of a number of ways to "stealth" attack, I believe we
    have reasonably covered our bases to eliminate non-detection. Even if
    the attack were occurring via SSL, not only would we see the activity but
    are able to read the SSL session. Yes it is possible to encrypt using
    non-standard encryption methods (been there done that) but this too
    raises flags and tends to cause an automatic block of the communication
    and ring bells.

    This individual asked how to penetrate a network, from outside the
    firewalls undetected. If I knew how to do this, it would be fixed. Yes
    one might try to penetrate to DMZ and perhaps jump off a server, though
    tripwire might be an issue... But even inside the DMZ (assuming success
    and avoiding various monitoring pieces) it still would not get them past
    other boundaries "undetected". We have penetration tests yearly.
    Typically as part of the pen testing we have to "let" them in to the
    next level to pen test from there. The most significant success of the
    pen testers is taking or copying a client after hours. Theft is very
    difficult to stop in large environments. But I have yet to see a
    penetration without detection...shrugs but I guess I wouldn't know but
    professional pen testers have yet to accomplish it undetected.

    It is possible if a trusted host outside were compromised they could
    penetrate inside but once they launched from that server, activities
    would not be undetected.

    Unless the user has already accomplished complete footprinting the
    network in question and had significant inside knowledge I do not
    believe it could be done. Bypassing any single device including most
    firewalls is relatively easy, but undetected??? Even inside one of the
    firewall boundaries as a domain user it would be very problematic. Even
    as one of the administrators doing inappropriate activities across the
    network would induce challenges as no single administrator has the
    resources to bypass all the required security precautions undetected.
    Sometimes administrators are bad folks too.

    I am familiar with ways to bypass various single pieces, but I have no
    idea how one could do this "undetected" by all of the layers successfully.

    If I had an idea I would ensure it were fixed to the best of my ability
    and I highly doubt I would publish the "how to" on UseNet.

    The undetected part...yeah...that's the pickle.

    Winged
     
    Winged, Jan 13, 2006
    #5