IDS mailing list archives

Re: Foolin an IDS ?

From: Zyzio <zyzio248 () o2 pl>
Date: Fri, 3 Dec 2004 11:08:59 +0100

Hi,

Aside from looking at this the best way to learn to evade IDS/IPS
is an understanding of the protocols that they are protecting.
This doesn't mean just TCP/UDP; this also means things like MSRPC,
HTTP, SSL and such.

I agree with you.

I think this is nice paper (about foolin HTTP by Whisker).
http://www.ussrback.com/docs/papers/IDS/whiskerids.html

and source 
http://sourceforge.net/projects/whisker/

Best Regards,
Chris 'Zyzio'


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

Re: Foolin an IDS ? Jose Costa (Dec 01)
- <Possible follow-ups>
- Re: Foolin an IDS ? Jose Nazario (Dec 01)
- Re: Foolin an IDS ? Graeme Connell (Dec 01)
- RE: Foolin an IDS ? Eric Hines (Dec 01)
  - RE: Foolin an IDS ? Shaiful (Dec 02)
- RE: Foolin an IDS ? Maynor, David (ISS Atlanta) (Dec 02)
  - Re: Foolin an IDS ? Zyzio (Dec 03)
  - Message not available
    - RE: Foolin an IDS ? Mark Teicher (Dec 06)
  - Re: Foolin an IDS ? Thomas Ptacek (Dec 07)
    - Re: Foolin an IDS ? Pukhraj Singh (Dec 27)
- RE: Foolin an IDS ? Maynor, David (ISS Atlanta) (Dec 06)