Re: RPC Evasion techniques

[Pukhraj Singh <pukhraj.singh () gmail com>]

Lot of things can be done to evade IPS/IDS.

The tricks vary from protcol to protocol. The difference in the
decoding mechanism of security appliance and the application server
can lead to many evasion techniques. I have created and tested many
mutant exploits and they worked beautifully. The idea is to strike and
exploit some  fundamental concepts of logic and protocols which
IDS/IPS makers tend to ignore or is simply beyond their device
capability

Apparently, I haven't documented and organized the work I did.

But here is an introductory paper you should definitely read:
http://www.cs.ucsb.edu/~rsg/Hidra/Papers/2004_vigna_robertson_balzarotti_CCS04.pdf

--Pukhraj Singh


On 10/27/05, tcp fin <inet_inaddr () yahoo com> wrote:
> Hi Guys ,
> Any tips and tricks or good article on IDS/IPS evasion
> ?
> I have beautiful paper "Insertion, Evasion and Denial
> of Service:
> Eluding Network Intrusion detection".
> I need some pointers on RPC based  evasion techniques.
>
> Regards,
> TCP FIN .
>
>
>
>
> __________________________________
> Yahoo! Mail - PC Magazine Editors' Choice 2005
> http://mail.yahoo.com
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------