Free Preparation Discussions
MENU
GAQM Exam CPEH-001 Topic 3 Question 100 Discussion
Topic #: 3
Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on the pattern matching and/or statistical analysis to determine what is malicious. Packets are not processed by the host's TCP/IP stack allowing the NIDS to analyze traffic the host would otherwise discard. Which of the following tools allows an attacker to intentionally craft packets to confuse pattern-matching NIDS systems, while still being correctly assembled by the host TCP/IP stack to render the attack payload?
fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks 'Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection' paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour.
Olive
28 days agoSabra
21 hours agoShawnta
9 days agoEmiko
10 days agoShenika
14 days agoLashaunda
1 months agoDexter
2 days agoBok
3 days agoArletta
9 days agoCory
10 days agoEmmanuel
1 months agoReita
1 months agoAlecia
2 days agoNina
3 days agoNell
5 days agoVincenza
6 days agoNicolette
17 days agoDan
26 days agoAlyssa
29 days agoPatria
1 months agoMeaghan
2 months agoHan
2 months ago