SniffJoke has now been stabilized in the 0.4.2 release, and some requirements and issues have become clear over the last months.
The first, overall: it requires testing in the field. IDSs may not be so vulnerable, but sniffers surely are. Simply put, it is difficult to find someone with a law-enforcement sniffer who wants to collaborate in order to defeat their own technology. At the CCC maybe I shall print out some A4 physical spam.
Portability: evilaliv3 has started a symbiotic project, Janus. Within the SniffJoke framework, Janus will supply all privileged operations, confine the portability issue, and be a simple piece of C software that is easy to port to every 4.4BSD and POSIX OS. With Janus, SniffJoke will run as a single unprivileged process.
Stability: IP/TCP options abuse should not be tested against only a single destination, as sj-iptcpopt-probe (on behalf of sniffjoke-autotest) currently does. A new class is under development that will solve this issue, besides enlarging the number of “scrambles” available.
The packages available for GNU distributions with the Linux kernel are Gentoo, RPM and .deb (tested under Ubuntu, Debian and BackTrack).
Security analysis: July 2011, rfc6274.txt, Security Assessment on IPv4. It requires some detailed reading, also because it points to an IDS improvement to avoid evasions.
Additionally, this document analyzes the security implications from changes in the operational environment since the Internet Protocol was designed. For example, it analyzes how the Internet Protocol could be exploited to evade Network Intrusion Detection Systems (NIDSs) or to circumvent firewalls.