
Wednesday, 16 December 2020

Kali Linux Tutorials: Information Gathering - IDS/IPS Identification


Kali Linux Tutorials: Information Gathering - IDS/IPS Identification Tools

  • fragroute
  • fragrouter
  • wafw00f


fragroute 


Description - fragroute intercepts, modifies and rewrites egress traffic destined for a specified host.


It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior.


This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behavior.


Unlike fragrouter, this program only affects packets originating from the local machine destined for a remote host. Do not enable IP forwarding on the local machine.


USAGE - fragroute [-f file] <host>


EXAMPLE - fragroute 192.168.123.233


fragrouter


Description - Fragrouter is a network intrusion detection evasion toolkit. It implements most of the attacks described in the Secure Networks paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" of January 1998.


This program was written in the hopes that a more precise testing methodology might be applied to the area of network intrusion detection, which is still a black art at best.


To test your firewall(s) using fragrouter, you will need two systems in addition to your firewall/packet filter. This is because fragrouter cannot by design be run on the same system from which you're testing (according to the documentation, this is to prevent abuse).


USAGE - fragrouter [options]


EXAMPLE - fragrouter -F1


wafw00f


Description - Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods:


  • Cookies: Some WAF products add their own cookie in the HTTP communication.
  • Server Cloaking: Altering URLs and Response Headers
  • Response Codes: Different error codes for hostile pages/parameter values
  • Drop Action: Sending a FIN/RST packet (technically could also be an IDS/IPS)
  • Pre Built-In Rules: Each WAF has different negative security signatures


WafW00f is based on these assumptions to determine remote WAFs.


USAGE - python wafw00f.py <url>

EXAMPLE - python wafw00f.py google.com
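
The first four detection methods listed above all come down to a difference between what the application sent and what the client received. The Python below is an added example (not part of the original post and not wafw00f's own code) that diffs a constructed origin response against constructed edge responses, which is also how an operator can see what their own WAF reveals. The `Response` class, the `waf_indicators` function, the header values and the `examplewaf_id` cookie are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Response:
    status: Optional[int]            # None = connection closed with no HTTP reply
    headers: dict = field(default_factory=dict)
    cookies: frozenset = frozenset()


def waf_indicators(origin: Response, edge: Response) -> list:
    """Diff the reply the application produced (origin) against the one the
    client received (edge) and name each indicator from the list above."""
    if edge.status is None:
        return ["drop action: connection closed without an HTTP response"]
    found = []
    added = sorted(edge.cookies - origin.cookies)
    if added:
        found.append("cookies: added in transit " + ", ".join(added))
    # Header names are case-insensitive, so normalise before comparing.
    o = {k.lower(): v for k, v in origin.headers.items()}
    e = {k.lower(): v for k, v in edge.headers.items()}
    changed = sorted(k for k in o.keys() | e.keys() if o.get(k) != e.get(k))
    if changed:
        found.append("server cloaking: headers differ " + ", ".join(changed))
    if edge.status != origin.status:
        found.append(f"response codes: {origin.status} became {edge.status}")
    return found


# Constructed sample data: what the application sent vs. what the client saw.
ORIGIN_OK = Response(200, {"Server": "ExampleHTTPd/1.0", "Content-Type": "text/html"},
                     frozenset({"session"}))
EDGE_OK = Response(200, {"Server": "webserver", "Content-Type": "text/html"},
                   frozenset({"session", "examplewaf_id"}))
EDGE_BLOCKED = Response(403, {"Server": "webserver", "Content-Type": "text/html"},
                        frozenset({"examplewaf_id"}))
EDGE_DROPPED = Response(None)

if __name__ == "__main__":
    for name, edge in [("normal request", EDGE_OK),
                       ("hostile parameter", EDGE_BLOCKED),
                       ("dropped connection", EDGE_DROPPED)]:
        print(name, "->", waf_indicators(ORIGIN_OK, edge))
```

The fifth method, pre-built rules, cannot be read from a single response pair: it depends on which categories of request a given product blocks.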

