Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: RPC Evasion techniques

from [Palmer, Paul (ISSAtlanta)] Network Security [Permanent Link]
Subject: RE: RPC Evasion techniques
Date: Thu, 3 Nov 2005 15:19:19 -0500 
I would like to make a comment on that paper you cited as it relates to
the test results.

I am impressed by the authors' technology. I believe they are helping to
advance the state of the art in IDS/IPS testing. However, ISS has been
unable to reproduce the results that the authors describe with recent
products. I believe that the authors were using older versions of ISS
products during testing. So far, they have not provided product version
information when asked.

So, I strongly believe that the published results are not a reflection
of the quality of recent ISS product protection. Even so, I still
believe that the results demonstrate the strengths of the authors'
technology to expose limitations in an IDS/IPS product whether or not
the product is still relevant.

Paul

-----Original Message-----
From: Pukhraj Singh [mailto:pukhraj.singh@gmail.com] 
Sent: Monday, October 31, 2005 7:28 AM
To: tcp fin
Cc: focus-ids@securityfocus.com
Subject: Re: RPC Evasion techniques


Lot of things can be done to evade IPS/IDS.

The tricks vary from protcol to protocol. The difference in the decoding
mechanism of security appliance and the application server can lead to
many evasion techniques. I have created and tested many mutant exploits
and they worked beautifully. The idea is to strike and exploit some
fundamental concepts of logic and protocols which IDS/IPS makers tend to
ignore or is simply beyond their device capability

Apparently, I haven't documented and organized the work I did.

But here is an introductory paper you should definitely read:
http://www.cs.ucsb.edu/~rsg/Hidra/Papers/2004_vigna_robertson_balzarotti
_CCS04.pdf

--Pukhraj Singh


On 10/27/05, tcp fin <inet_inaddr@yahoo.com> wrote:

Hi Guys ,
Any tips and tricks or good article on IDS/IPS evasion
?
I have beautiful paper "Insertion, Evasion and Denial
of Service:
Eluding Network Intrusion detection".
I need some pointers on RPC based  evasion techniques.

Regards,
TCP FIN .




__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com

----------------------------------------------------------------------
--
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to 
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.


------------------------------------------------------------------------





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IPv6 support in IDS/IPS products, Palmer, Paul (ISSAtlanta)
Next by Date:  Re: RPC Evasion techniques, Pukhraj Singh
Previous by Thread:  Re: RPC Evasion techniques, Pukhraj Singh
Next by Thread:  Re: RPC Evasion techniques, Pukhraj Singh
Indexes:  [Date] [Thread] [Top] [All Lists]