Session Splicing and IDS Evasion Techniques

Questions and Answers

Which tool can be used to perform session splicing attacks?

• tcpsplice (correct)
• Whisker
• Burp
• Hydra

What is the idea behind session splicing?

• To flood the network with excessive data packets
• To encrypt communication to bypass IDS detection
• To split data between several packets to avoid matching IDS signatures (correct)
• To create fake sessions to confuse IDS

Why do many IDS stop reassembling and handling a stream after a certain period?

• To prevent attacks through session splicing
• Due to limitations in packet processing speed
• Because of the time spent by the IDS on reassembling (correct)
• To conserve system resources

What will the IDS not log after a successful splicing attack?

Any further attack attempts (B)

What tool is recommended for performing a session-splicing attack?

Nessus (D)

Flashcards are hidden until you start studying

Study Notes

Session Splicing Attacks

• A session splicing attack is a type of evasion technique used to bypass IDS (Intrusion Detection System) by splitting a malicious packet into multiple碎 packets, making it difficult for IDS to detect.

Tools for Session Splicing

• Tcpclip is a tool that can be used to perform session splicing attacks.

Goals of Session Splicing

• The idea behind session splicing is to evade detection by IDS by splitting a malicious packet into multiple fragments, which are then reassembled at the target system.

IDS Limitations

• Many IDS stop reassembling and handling a stream after a certain period, usually due to performance or resource constraints.

Evasion Techniques

• After a successful splicing attack, the IDS will not log the attack, as it is unable to reassemble the fragmented packets and detect the malicious activity.