IDS mailing list archives
Re: RPC Evasion techniques
From: crazy frog crazy frog <i.m.crazy.frog () gmail com>
Date: Fri, 4 Nov 2005 12:30:09 +0530
Hi, are current IDS/IPS able to detect attacks such as polymorphic shell code (ADMmutate) or any other such techniques?

_CF
--
bam bam ting ding ting ding ting ding ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah... another wannabe, in hackerland!!!"

On 10/31/05, Pukhraj Singh <pukhraj.singh () gmail com> wrote:

A lot of things can be done to evade IPS/IDS. The tricks vary from protocol to protocol. The difference in the decoding mechanism of the security appliance and the application server can lead to many evasion techniques.

I have created and tested many mutant exploits and they worked beautifully. The idea is to strike and exploit some fundamental concepts of logic and protocols which IDS/IPS makers tend to ignore or which are simply beyond their device capability.

Apparently, I haven't documented and organized the work I did. But here is an introductory paper you should definitely read:

http://www.cs.ucsb.edu/~rsg/Hidra/Papers/2004_vigna_robertson_balzarotti_CCS04.pdf

--Pukhraj Singh

On 10/27/05, tcp fin <inet_inaddr () yahoo com> wrote:

Hi Guys,

Any tips and tricks or a good article on IDS/IPS evasion? I have the beautiful paper "Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection". I need some pointers on RPC based evasion techniques.

Regards,
TCP FIN.
Current thread:
- Re: RPC Evasion techniques Nakul Aggarwal (Nov 03)
- <Possible follow-ups>
- Re: RPC Evasion techniques Pukhraj Singh (Nov 03)
- Re: RPC Evasion techniques crazy frog crazy frog (Nov 07)
- Re: RPC Evasion techniques Pukhraj Singh (Nov 07)
- Re: RPC Evasion techniques crazy frog crazy frog (Nov 07)
- RE: RPC Evasion techniques Palmer, Paul (ISSAtlanta) (Nov 07)
- Re: RPC Evasion techniques Pukhraj Singh (Nov 07)
- Re: RPC Evasion techniques Jonathon Giffin (Nov 08)