IDS mailing list archives
Re: Detection evasion technique by invalid UTF-8 sequences
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 26 Mar 2009 20:11:57 -0500
On Mon, 2009-03-23 at 11:44 +0900, bugtraq01 () hash-c co jp wrote: [...]
Detection by IDS/IPS/WAF(Web Application Firewall) is evaded by inserting invalid UTF-8 sequences on the way of SQL keywords(select, union, declare and so on).
I'm curious, which IDS/IPS/WAF products have you tested that were not able to properly normalize the URL parameters? Which products are affected? If the IDS/IPS/WAF products are able to normalize the traffic properly, where is the problem? -Frank -- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Detection evasion technique by invalid UTF-8 sequences bugtraq01 (Mar 23)
- Re: Detection evasion technique by invalid UTF-8 sequences Frank Knobbe (Mar 30)