SYNful Deceit, Stateful Subterfuge

Presented at Black Hat USA 2012, July 26, 2012, 2:35 p.m. (20 minutes).

Successful network reconnaissance and attacks are almost always predicated by effectively identify listening application services. However, the task can be daunting with various deployments of SYN Flood protections that can mask legitimate results. Furthermore, misconceptions are plenty and suggestions are elusive regarding how to truly detect the actual available services from the false positives. This presentation will delve into techniques used for SYN Flood protection and how to defeat various open-source and commercial vendor implementations.

The presentation will consist of IPv4 packet level details. As a result, a solid understanding of TCP/IP and the IPv4 connection process is highly advised prior to attending this presentation. Further understanding of typical port scanning techniques, such as SYN and ACK scans, will be useful, as well. Finally, a tool will be released so attendees can continue to explore the concepts and techniques within their own networks.


Presenters:

Links: