Evading IDS,FW, honeypot

module 11 https://medium.com/@Mx0o14/tryhackme-network-security-solutions-evasions-8a14de2dcc1 https://viblo.asia/p/su-dung-php-query-string-parser-de-qua-mat-ids-ips-va-waf-3P0lP9Yo5ox # IPS/IDS ![image](https://hackmd.io/_uploads/rkI6u78gC.png) ![image](https://hackmd.io/_uploads/SkDhYm8lA.png) ![image](https://hackmd.io/_uploads/Hy47sXIxC.png) ![image](https://hackmd.io/_uploads/HktTHEUe0.png) ## Evading ![image](https://hackmd.io/_uploads/HyBuz_IeA.png) ![image](https://hackmd.io/_uploads/Sk-3zuLeC.png) ### Insertion attack ![image](https://hackmd.io/_uploads/HyQ6pF8xC.png) Gửi một packet không hợp lệ. Vd: gửi từng kí tự, thì những kí tự cần bỏ ta set TTL chỉ đi đến dc IDS mà không đi đến dc destination. vậy thì IDS sẽ có nhiều word hơn và làm detect sai. Hoặc sửa bằng checksum thì target PC sai checksum sẽ không nhận. IDS vẫn nhận ![image](https://hackmd.io/_uploads/H1lK0K8lA.png) Other name: Invalid packet https://www.yeahhub.com/top-6-techniques-to-bypass-an-ids-intrusion-detection-system/ https://insecure.org/stf/secnet_ids/secnet_ids.html ### Evasion IDS receive more packet than destination. Because IDS block some bytes. https://book.hacktricks.xyz/generic-methodologies-and-resources/pentesting-network/ids-evasion ![image](https://hackmd.io/_uploads/H1wwapUx0.png) ### Compression ![image](https://hackmd.io/_uploads/B1GKK3PxA.png) ### ASCii shellcode ![image](https://hackmd.io/_uploads/B1QnF2ve0.png) # Firewall ![image](https://hackmd.io/_uploads/BkORDUIe0.png) circruit level gateways: check which data stream, session rule(3 way handshakes) are allowed. ![image](https://hackmd.io/_uploads/BkHdZd8gC.png) ## bypass block url ![image](https://hackmd.io/_uploads/r1WXLCweC.png) ![image](https://hackmd.io/_uploads/B1UuUCDg0.png) ## Proxy server ![image](https://hackmd.io/_uploads/r1wjUCwxR.png) ![image](https://hackmd.io/_uploads/SkORUAwg0.png) ## Tunelling read more (page 99 module 12) https://book.hacktricks.xyz/generic-methodologies-and-resources/tunneling-and-port-forwarding # Prevent ## Intrusion detection ### Yara rule ![image](https://hackmd.io/_uploads/ByGOZwUe0.png) ### Snort ![image](https://hackmd.io/_uploads/SkUwGvIeR.png) ![image](https://hackmd.io/_uploads/HygdzD8xC.png) ### suricata ![image](https://hackmd.io/_uploads/B16lcPUlA.png) ## Intrusion Detection Tools for Mobile Devices (52) ![image](https://hackmd.io/_uploads/BJpkhvIeR.png) ## Honeypot ![image](https://hackmd.io/_uploads/SJ8WG_LxC.png) # NAC ## Evasion ![image](https://hackmd.io/_uploads/rJtAwRwxR.png) ### VLAN Hopping ![image](https://hackmd.io/_uploads/BJeZOAve0.png) include demo # Detect Honeypot ![image](https://hackmd.io/_uploads/HyDuX1deC.png) ![image](https://hackmd.io/_uploads/r1ZYQJ_lR.png) ![image](https://hackmd.io/_uploads/Sk0pm1OeC.png)