Archive for the 'Network' Category

Sep 30

0trace - traceroute on established connections

The idea behind 0trace is to launch a traceroute operation on an already established session. It is meant to bypass firewalls that perform stateful inspection. This is a good idea, as it allows you to know what is behind the firewall. On the other hand, an IDS might consider the TTL change an evasion attempt.

The first version by Michal Zalewski was discussed here; you now have Jagger's improved version.
The example in the mailing list is quite straightforward.
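The last remark above (an IDS seeing the TTL change as an evasion attempt) is the detection angle. The following is an added example, not code from the 0trace author or from the mailing list: it groups constructed packet records by TCP 4-tuple and flags a flow whose TTL values walk upward by one across consecutive packets, which is what an in-session traceroute looks like from the monitoring side. The packet tuples, addresses and the `min_run` threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample packet records (not real captures).
# Fields: (src, sport, dst, dport, ttl). A normal sender keeps its initial TTL
# constant for the life of a flow; a traceroute run inside an established
# session emits packets with TTL 1, 2, 3, ... on the same 4-tuple.
SAMPLE_PACKETS = [
    ("10.0.0.5", 40000, "203.0.113.10", 80, 64),
    ("10.0.0.5", 40000, "203.0.113.10", 80, 64),
    ("10.0.0.5", 40000, "203.0.113.10", 80, 1),
    ("10.0.0.5", 40000, "203.0.113.10", 80, 2),
    ("10.0.0.5", 40000, "203.0.113.10", 80, 3),
    ("10.0.0.5", 40000, "203.0.113.10", 80, 4),
    ("10.0.0.7", 40001, "203.0.113.10", 80, 128),
    ("10.0.0.7", 40001, "203.0.113.10", 80, 128),
]


def ttls_by_flow(packets):
    """Group the TTL values seen on each (src, sport, dst, dport) flow, in order."""
    flows = defaultdict(list)
    for src, sport, dst, dport, ttl in packets:
        flows[(src, sport, dst, dport)].append(ttl)
    return flows


def longest_incrementing_run(ttls):
    """Length of the longest run of consecutive packets whose TTL rises by exactly one."""
    best = run = 1
    for prev, cur in zip(ttls, ttls[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_ttl_walks(packets, min_run=3):
    """Return {flow: run_length} for flows containing an incrementing TTL run of
    at least min_run packets. Absolute TTL values are deliberately ignored: a low
    but constant TTL is just a distant or unusual sender, not a probe."""
    alerts = {}
    for flow, ttls in ttls_by_flow(packets).items():
        run = longest_incrementing_run(ttls)
        if run >= min_run:
            alerts[flow] = run
    return alerts


if __name__ == "__main__":
    for flow, run in find_ttl_walks(SAMPLE_PACKETS).items():
        print(f"TTL walk of {run} packets on {flow}")
```

The check keys on the pattern (a monotonic TTL ramp within one established flow) rather than on any single TTL value, so a host that simply uses a low initial TTL does not trip it; `min_run` sets how many hops of the ramp must be observed before alerting.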

Sep 19

Polygraph: Automatically generating signatures for polymorphic worms (tool)

Polygraph is a tool designed to generate attack signatures from a corpus of data. The idea is to be able to generate the signature of an attack quickly and automatically. This is useful for worm detection, for instance. This is a work by James Newsome, Brad Karp, and Dawn Song. Since then many "anti-Polygraph" papers have been published; in particular, Allergy attacks (S. Chung and K. Mok) are very interesting. However, it is very nice and stimulating to have a publicly available tool to test ideas.

The paper (PDF version) that details this tool was presented at S&P 2005.

The Polygraph source code can be downloaded here.