SYNFUL DECEIT, STATEFUL SUBTERFUGE

Black Hat USA 2012

Presented by: Chris Patten, Tom Steele
Date: Thursday July 26, 2012
Time: 14:35 - 14:55
Location: Palace I
Track: Enterprise Intrigue

Successful network reconnaissance and attacks are almost always predicated by effectively identify listening application services. However, the task can be daunting with various deployments of SYN Flood protections that can mask legitimate results. Furthermore, misconceptions are plenty and suggestions are elusive regarding how to truly detect the actual available services from the false positives. This presentation will delve into techniques used for SYN Flood protection and how to defeat various open-source and commercial vendor implementations.

The presentation will consist of IPv4 packet level details. As a result, a solid understanding of TCP/IP and the IPv4 connection process is highly advised prior to attending this presentation. Further understanding of typical port scanning techniques, such as SYN and ACK scans, will be useful, as well. Finally, a tool will be released so attendees can continue to explore the concepts and techniques within their own networks.

Tom Steele

Tom Steele hails from Seattle Washington where he works as a Security Consultant at FishNet Security. The dynamic nature of his current role allows him to touch many areas of the offensive security spectrum. When not working he can be found gaming and creating tools to solve complex problems.

Chris Patten

Chris Patten performs penetration testing both day and night while researching new attack techniques. Chris has been participating in the security community for a number of years in various capacities. Only over the last year has his personal and professional interests aligned allowing for numerous opportunities to get back to the real passion with technology. Fortunately, Chris has the pleasure to currently work with some very talented individuals affording him the opportunity to consistently share penetration testing experiences.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats