Aug 01

Evading IPS/IDS with TCP Checksum Forgery

Judy Novak, one of my early mentors and good friends, has posted an excellent article on manipulating IPS/IDS with TCP checksum forgeries. She also details the effect of this crafty manipulation on Snort, with great examples you can use on your own IPS/IDS.

TCP Checksum Forgery Example

Check out her article, and also check out the Scapy class she wrote for the SANS Institute. If you want to be a packet ninja, mastering Scapy with Judy will get you there fast.