Session Splicing and IDS Evasion Techniques

Questions and Answers

Which tool can be used to perform session splicing attacks?

tcpsplice (correct)

Whisker

Burp

Hydra

What is the idea behind session splicing?

To flood the network with excessive data packets

To encrypt communication to bypass IDS detection

To split data between several packets to avoid matching IDS signatures (correct)

To create fake sessions to confuse IDS

Why do many IDS stop reassembling and handling a stream after a certain period?

To prevent attacks through session splicing

Due to limitations in packet processing speed

Because of the time spent by the IDS on reassembling (correct)

To conserve system resources

What will the IDS not log after a successful splicing attack?

Any further attack attempts

What tool is recommended for performing a session-splicing attack?

Nessus

Study Notes

Session Splicing Attacks

• A session splicing attack is a type of evasion technique used to bypass IDS (Intrusion Detection System) by splitting a malicious packet into multiple碎 packets, making it difficult for IDS to detect.

Tools for Session Splicing

• Tcpclip is a tool that can be used to perform session splicing attacks.

Goals of Session Splicing

• The idea behind session splicing is to evade detection by IDS by splitting a malicious packet into multiple fragments, which are then reassembled at the target system.

IDS Limitations

• Many IDS stop reassembling and handling a stream after a certain period, usually due to performance or resource constraints.

Evasion Techniques

• After a successful splicing attack, the IDS will not log the attack, as it is unable to reassemble the fragmented packets and detect the malicious activity.

Description

Test your knowledge of session splicing, an IDS evasion technique that exploits how some IDSs do not reconstruct sessions before performing pattern matching on the data. Learn about tools used to perform session splicing attacks.