Free Preparation Discussions
MENU
GAQM Exam CPEH-001 Topic 3 Question 100 Discussion
Topic #: 3
Most NIDS systems operate in layer 2 of the OSI model. These systems feed raw traffic into a detection engine and rely on the pattern matching and/or statistical analysis to determine what is malicious. Packets are not processed by the host's TCP/IP stack allowing the NIDS to analyze traffic the host would otherwise discard. Which of the following tools allows an attacker to intentionally craft packets to confuse pattern-matching NIDS systems, while still being correctly assembled by the host TCP/IP stack to render the attack payload?
fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks 'Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection' paper of January 1998. It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour.
Olive
2 months agoSabra
24 days agoShawnta
1 months agoEmiko
1 months agoShenika
1 months agoLashaunda
2 months agoKristin
22 days agoDexter
25 days agoBok
26 days agoArletta
1 months agoCory
1 months agoEmmanuel
2 months agoReita
2 months agoAlecia
25 days agoNina
26 days agoNell
28 days agoVincenza
29 days agoNicolette
1 months agoDan
2 months agoAlyssa
2 months agoPatria
2 months agoMeaghan
2 months agoHan
3 months ago