Trafscrambler anti-sniffer v0.2 on the wild

Trafscrambler is an anti-sniffer/IDS LKM(Network Kernel Extension) for OSX, licensed under BSD.


  • injection of packets with bogus data and with randomly selected bad TCP
    cksum or bad TCP sequences
  • userland binary(tsctrl) for controlling trafscrambler NKE
  • SYN decoy - sends out number of SYN pkts before the original SYN pkt
  • TCP reset attack - sends out RST/FIN pkt with bad sequence
  • Pre-connection SYN - sends out SYN with wrong TCP-checksum
  • Post-connection SYN - sends out fake SYN after connection establishment
  • Zero Window - send out pkt with “0†window set.

Tool Submitted by Maximiliano Soler

Post scriptum

Compliance Mandates

  • IDS :

    PCI DSS 10.6, 11.4, SOX A13.2, DS5.10, GLBA 16CFR Part 314.4(b) and (3), HIPAA 164.306(a)(2), 164.308(a)(1) 164.308(a)(6)42, FISMA SI-4, AC-2, ISO 27001/27002 10.6.2,
    10.10.1, 10.10.2, 10.10.4, 15.1.5


Related Articles

Security Solutions