IDS mailing list archives
Re: Firewall-fooling techniques
From: Don Parker <dparker () bridonsecurity com>
Date: Mon, 24 Jan 2005 17:37:21 -0800
You may want to look into shellcode obfuscation. While it may not fool every IDS out there, it certainly fools a great many analysts.

--------------------------------------------------------------
Don Parker, GCIA GCIH
Intrusion Detection & Incident Handling Specialist
Bridon Security & Training Services
http://www.bridonsecurity.com
voice: 1-613-302-2910
--------------------------------------------------------------

On Mon Jan 24 13:48 , Krzysztof Cabaj sent:

> Hi,
> I'm looking for some basic information on "techniques" on "fooling"
> firewalls and IDSs. Like using fragmented packages to fool
> packet-filtering firewalls etc.. Any suggestions on such techniques,
> and perhaps some references to online literature.. ?

I think this is a good beginning ... maybe not recent, but for beginning perfect.

T.H Ptacek, T.N. Newsham.: Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, January 1998, URL:http://citeseer.nj.nec.com/ptacek98insertion.html

And some for application layer
Whisker library for fooling IDS which look at HTTP traffic.
http://www.ussrback.com/docs/papers/IDS/whiskerids.html

Best regards,
Chris

--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- Firewall-fooling techniques Göran Sandahl (Jan 24)
- Re: Firewall-fooling techniques Jose Maria Lopez (Jan 24)
- <Possible follow-ups>
- Re: Firewall-fooling techniques Krzysztof Cabaj (Jan 24)
- Re: Firewall-fooling techniques Don Parker (Jan 25)