Re: RPC Evasion techniques

[Jonathon Giffin <giffin () cs wisc edu>]

> -----Original Message-----
> From: Pukhraj Singh [mailto:pukhraj.singh () gmail com] 
> Sent: Monday, October 31, 2005 7:28 AM
> To: tcp fin
> Cc: focus-ids () securityfocus com
> Subject: Re: RPC Evasion techniques
>
> But here is an introductory paper you should definitely read:
> http://www.cs.ucsb.edu/~rsg/Hidra/Papers/2004_vigna_robertson_balzarotti
> _CCS04.pdf

You can also see

  Automatic generation and analysis of NIDS attacks.
  Shai Rubin, Somesh Jha, and Barton P. Miller.
  In 20th Annual Computer Security Applications Conference (ACSAC).
  Tucson, Arizona, December 2004.
  http://www.cs.wisc.edu/wisa/papers/acsac04/index.html

for evasion attacks against Snort, and

  Using attack mutation to test a high-end NIDS.
  Shai Rubin, Somesh Jha, and Barton P. Miller.
  In Information Security Bulletin, Volume 10, April 2005.
  Not available online; contact the first author.

for evasion attacks against TippingPoint UnityOne (now acquired by 
3Com). The attacks were confirmed and fixed by the developers of each 
IDS/IPS.

Please be aware that I am not a disinterested third party; these authors 
are my colleagues and academic advisers.

Thanks,

Jon

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------