-
Notifications
You must be signed in to change notification settings - Fork 4
Thoughts on Evasion
Regular IDS\IPS tools detection _modus opernady _ when it comes to identify a port scan relies on all of one of the below behaviors.
- Packet Size
- Irregular source behavior
- Sequentiality (either connection to multiple hosts on the same subnet or to a group of ports on the same host from a single scanner).
One of the purposes of this tool is to challenge the concept of how security tools identify port scan operations, by let's say, security consultants or script kids(a few machines that scans an entire block without any consideration of a security device that may affect the scan results). Distributed Scan allows you to create an extremely randomized scan patterns(in various levels of randomization), which allows you to spread your scans over a very large of number scanners, but also randomize port selection for different hosts, and create different TCP segments size for scan commands.
For more information, run: DistributedScan-commandFileCreateInfo