1

Techniques to bypass and attack IPS/IDS/Firewall

Hello guys, I am conducting an audit on my organization, trying to challenge the rules and use cases of my IPS/IDS/Firewall technologies. However, since I am new to this, I would like to know if you know of any evasion and attack techniques, so I can investigate and apply them in my audit.

To date I have applied techniques such as:

Packet fragmentation
Bad Checksum
Decoy
Spoofing

However, I have not been successful in my tests. I hope you can guide me, and tell me if you know of some tools with which I could better complement my audit.

Thank you.
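Two of the techniques listed in the question (bad checksum, packet fragmentation) only work when the sensor inspects packets differently from the host behind it: a packet with a wrong IP header checksum is silently discarded by the receiving stack, so a sensor that matches rules on it anyway can be shown traffic the endpoint never sees, and rules matched against individual fragments instead of the reassembled datagram can be split across fragment boundaries. The following is an added, defender-side example (not code from this thread or from 0x00sec) showing the pre-check a sensor should do before spending any signature matching: validate the RFC 1071 header checksum and divert fragments to reassembly. The packet bytes are constructed inline; addresses and the ident value are arbitrary.

```python
"""
Added example: IPv4 header sanity check in the spirit of what a receiving
host's IP stack does, applied on the sensor side.  Packets are constructed
here for illustration; nothing is read from the wire.
"""
import struct
from ipaddress import IPv4Address
from typing import Optional


def rfc1071_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words,
    carries folded back in, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int = 0, proto: int = 6,
                      flags_frag: int = 0, checksum: Optional[int] = None) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed test input).
    checksum=None computes the correct value; any other value is written
    verbatim so a deliberately wrong header can be fed to the check."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, flags_frag, 64, proto, 0,
              IPv4Address(src).packed, IPv4Address(dst).packed]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    if checksum is None:
        checksum = rfc1071_checksum(hdr)
    return hdr[:10] + struct.pack("!H", checksum) + hdr[12:]


def ipv4_checksum_ok(pkt: bytes) -> bool:
    """A header whose checksum is correct sums to zero when the checksum
    field itself is included in the sum."""
    ihl = (pkt[0] & 0x0F) * 4
    return ihl >= 20 and len(pkt) >= ihl and rfc1071_checksum(pkt[:ihl]) == 0


def inspect_ipv4(pkt: bytes) -> dict:
    """Sensor-side pre-check: mirror the host stack's decisions before any
    signature matching happens on the packet."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4 or (pkt[0] & 0x0F) < 5:
        return {"verdict": "drop", "reason": "malformed header"}
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    info = {
        "checksum_ok": ipv4_checksum_ok(pkt),
        "more_fragments": bool((flags_frag >> 13) & 0x1),   # MF bit
        "fragment_offset": (flags_frag & 0x1FFF) * 8,       # offset is in 8-byte units
    }
    if not info["checksum_ok"]:
        # The host will discard this packet; matching rules on it lets the
        # sensor be fed traffic the endpoint never processes.  Log it instead.
        info.update(verdict="drop", reason="bad header checksum (host would discard)")
    elif info["more_fragments"] or info["fragment_offset"]:
        # Rules must be matched against the reassembled datagram, never
        # against a single fragment.
        info.update(verdict="reassemble", reason="fragment; queue for reassembly")
    else:
        info.update(verdict="inspect", reason="well-formed datagram")
    return info


if __name__ == "__main__":
    samples = [
        ("good", build_ipv4_header("10.0.0.1", "10.0.0.2")),
        ("bad checksum", build_ipv4_header("10.0.0.1", "10.0.0.2", checksum=0xDEAD)),
        ("first fragment", build_ipv4_header("10.0.0.1", "10.0.0.2", flags_frag=0x2000)),
    ]
    for name, pkt in samples:
        print(f"{name:15s} -> {inspect_ipv4(pkt)}")
```

When testing a deployed sensor, the useful comparison is between what this pre-check decides and what the sensor actually alerts on: a bad-checksum packet that raises a signature alert, or a fragment that matches on its own, indicates the sensor is not normalising traffic the way the protected hosts do.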

2

Well, without knowing the exact scope it’s kind of hard to answer your query. What is it they’re allowing you to attack? What is it that isn’t allowed? We can throw ideas at you all day long, but if the techniques mentioned are all listed as out of scope for your penetration test you won’t legally be able to utilize any of the information provided. If you’re auditing every aspect of the organization, the security is only as good as its least-aware member. With that being said, phishing and MITMs are a good place to start.

3

They ask me to evaluate whether the rules and/or use cases implemented by my IPS and Firewall are adequate to protect the services that I have on my internal network against anomalous traffic attacks, DoS, spoofing, etc.

Thanks

4

Boy, does 0x00sec have you covered! Here’s an article by @messede explaining SNI.

5

I’ve opened it up for comments; if you have found any interesting stuff lately (related to SNI bypass) please do share.