Dailydave mailing list archives
Evasion
From: "Kyle Quest" <Kyle.Quest () networkengines com>
Date: Wed, 25 May 2005 21:05:10 -0400
Here's one of the things I discovered experimenting with ISA 2004 Server. It's an evasion technique that can be used to bypass its header filters and header signatures. It can be achieved by folding HTTP headers, so if somebody, for example, has a signature to block HTTP traffic that contains header X with value Y it would be bypassed if an attacker folds the value Y onto the next line. I believe that it may also apply to SOME Snort signatures too due to the way the HTTP signature are usually created (some of the signatures rely on the end of line marker). I thought Dave might enjoy this bit of information He's a big fan of evading stuff :-) Just curious... would you call this evasion technique a vulnerability in the ISA product? Kyle _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Evasion Kyle Quest (May 25)
- Re: Evasion J B (May 27)