Session Splicing and IDS Evasion

Questions and Answers

Which tool is recommended in the text for performing a session-splicing attack?

• Hydra
• Nessus (Correct) (correct)
• tcpsplice
• Burp

What is the main idea behind session splicing as described in the text?

• To reassemble communication streams
• To stop IDS from reassembling sessions
• To ensure every packet matches IDS signature
• To split data between several packets to avoid matching IDS patterns (correct)

Why does an IDS become susceptible to malicious data theft after a successful splicing attack?

• It reassembles communication streams improperly
• It stops logging any attack attempts
• It fails to detect malicious data
• It stops reassembling sessions after a certain period (correct)

What tool is incorrectly mentioned in the text as being recommended for session splicing attacks?

Whisker (Correct) (C)

What happens if the application under attack keeps a session active longer than the time spent by the IDS on reassembling it?

The IDS will stop reassembling the extended session (Correct) (A)

Flashcards are hidden until you start studying

Study Notes

Session Splicing Attack

• Tcpreplay is recommended for performing a session-splicing attack.
• The main idea behind session splicing is to split a packet capture file into multiple segments, and then replay them out of order to evade detection by an IDS (Intrusion Detection System).

IDS Susceptibility to Malicious Data Theft

• After a successful splicing attack, an IDS becomes susceptible to malicious data theft because it incorrectly reassembles the packet stream, leading to the theft of sensitive data.

Incorrectly Mentioned Tool

• Tcpdump is incorrectly mentioned in the text as being recommended for session splicing attacks.

Session Persistence

• If the application under attack keeps a session active longer than the time spent by the IDS on reassembling it, the attack will be unsuccessful.