Now the next point to consider is ... do all IDS systems have common evasions?
When we read the paper on fixing the evasions through FSM, Snort was the system under consideration ... no specific information is provided about the extent to which the evasions present in the system were identified ... how can we confirm that, once we have identified certain types of evasions, we have addressed all those present in the specific IDS?
Now concentrating on the basic evasion types as described in the case of SQL injection ... the next question is ... if we use Snort ... what kinds of intrusions would it address in general?
http://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques ... talks about vulnerability scanners that also incorporate IDS evasion techniques
http://www.mail-archive.com/issforum@iss.net/msg02072.html --> "ADMmutate is a shellcode mutation engine, can evade NIDS
A way of breaking into a system. An exploit takes advantage of a weakness in a system in order to hack it. Exploits are the root of the hacker culture. Hackers gain fame by discovering an exploit. Others gain fame by writing scripts for it. Legions of script-kiddies apply the exploit to millions of systems, whether it makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service."