IDS mailing list archives

Re: Detection evasion technique by invalid UTF-8 sequences


From: Frank Knobbe <frank () knobbe us>
Date: Thu, 26 Mar 2009 20:11:57 -0500

On Mon, 2009-03-23 at 11:44 +0900, bugtraq01 () hash-c co jp wrote:
[...]
> Detection by IDS/IPS/WAF (Web Application Firewall) is evaded by
> inserting invalid UTF-8 sequences on the way of SQL keywords (select,
> union, declare and so on).


I'm curious, which IDS/IPS/WAF products have you tested that were not
able to properly normalize the URL parameters?

Which products are affected? If the IDS/IPS/WAF products are able to
normalize the traffic properly, where is the problem?

-Frank



-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
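
Added example, not part of the original message or of any product discussed in the thread: a minimal sketch of the normalization check the reply asks about, flagging invalid UTF-8 in a URL parameter and matching keywords on a normalized copy. The keyword list, the function names and the model of a downstream consumer that silently drops undecodable bytes are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Hypothetical signature for illustration; a real rule set is far larger.
SQL_KEYWORDS = re.compile(rb"\b(select|union|declare)\b", re.IGNORECASE)


def invalid_utf8_offsets(data: bytes) -> list:
    """Return the byte offsets at which strict UTF-8 decoding fails."""
    offsets, pos = [], 0
    while pos < len(data):
        try:
            data[pos:].decode("utf-8", errors="strict")
            break  # the remainder is well-formed
        except UnicodeDecodeError as exc:
            offsets.append(pos + exc.start)
            pos += exc.end  # skip the rejected bytes and keep scanning
    return offsets


def inspect_parameter(raw_value: str) -> dict:
    """Percent-decode one parameter value and evaluate it before and after normalization."""
    data = unquote_to_bytes(raw_value.replace("+", " "))
    bad = invalid_utf8_offsets(data)
    # Assumption: the downstream consumer drops undecodable bytes, so the
    # sensor matches its signatures on the same stripped view.
    stripped = data.decode("utf-8", errors="ignore").encode("utf-8")
    normalized_match = bool(SQL_KEYWORDS.search(stripped))
    return {
        "invalid_utf8": bad,
        "raw_match": bool(SQL_KEYWORDS.search(data)),
        "normalized_match": normalized_match,
        # Malformed UTF-8 in a parameter is itself worth an alert.
        "alert": bool(bad) or normalized_match,
    }


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    for sample in ("1 un%C0ion sel%C0ect 1", "caf%C3%A9"):
        print(sample, inspect_parameter(sample))
```

A sensor that matches only on the raw bytes reports no keyword for the first constructed sample, while the strict decoder reports the malformed bytes and the normalized copy matches.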
