IDS mailing list archives
Re: Foolin an IDS ?
From: Zyzio <zyzio248 () o2 pl>
Date: Fri, 3 Dec 2004 11:08:59 +0100
Hi,
Aside from looking at this the best way to learn to evade IDS/IPS is an understanding of the protocols that they are protecting. This doesn't mean just TCP/UDP; this also means things like MSRPC, HTTP, SSL and such.
I agree with you. I think this is nice paper (about foolin HTTP by Whisker). http://www.ussrback.com/docs/papers/IDS/whiskerids.html and source http://sourceforge.net/projects/whisker/ Best Regards, Chris 'Zyzio' -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Foolin an IDS ? Jose Costa (Dec 01)
- <Possible follow-ups>
- Re: Foolin an IDS ? Jose Nazario (Dec 01)
- Re: Foolin an IDS ? Graeme Connell (Dec 01)
- RE: Foolin an IDS ? Eric Hines (Dec 01)
- RE: Foolin an IDS ? Shaiful (Dec 02)
- RE: Foolin an IDS ? Maynor, David (ISS Atlanta) (Dec 02)
- Re: Foolin an IDS ? Zyzio (Dec 03)
- Message not available
- RE: Foolin an IDS ? Mark Teicher (Dec 06)
- Re: Foolin an IDS ? Thomas Ptacek (Dec 07)
- Re: Foolin an IDS ? Pukhraj Singh (Dec 27)
- RE: Foolin an IDS ? Maynor, David (ISS Atlanta) (Dec 06)