Re: Firewall-fooling techniques

[Don Parker <dparker () bridonsecurity com>]

You may want to look into shellcode obfuscation. While it may not fool every IDS
out there it certainly fools a great many analysts.

--------------------------------------------------------------
Don Parker, GCIA GCIH
Intrusion Detection & Incident Handling Specialist
Bridon Security & Training Services
http://www.bridonsecurity.com
voice: 1-613-302-2910
--------------------------------------------------------------

On Mon Jan 24 13:48 , Krzysztof Cabaj  sent:

> Hi,
>
> > I'm looking for some basic information on "techniques" on
> > "fooling" >firewalls 
> > and IDSs. Like using fragmented packages to fool packet-filtering
> > firewalls 
> > etc.. Any suggestions on such techniques, and perhaps some
> > references to 
> > online litterature.. ?
> I think this is good begining ... maybe not recent, but for
> beginning perfect.
>
> T.H Ptacek, T.N. Newsham.: Insertion, Evasion, and Denial of
> Service: Eluding Network Intrusion Detection, January 1998,
> URL:http://citeseer.nj.nec.com/ptacek98insertion.html
>
> And some for application layer
> Whisker library for fooling IDS which look at HTTP traffic.
> http://www.ussrback.com/docs/papers/IDS/whiskerids.html
>
> Best regards,
> Chris
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> --------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------