Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RPC Evasion techniques

from [crazy frog crazy frog] Network Security [Permanent Link]
Subject: Re: RPC Evasion techniques
Date: Fri, 4 Nov 2005 12:30:09 +0530 
hi,
does current ids/ips are able to detect attacks such as polymorphic
shell code(adm mutent) or any other such techniques?
_CF
--
bam bam
ting ding ting ding ting ding
ting ding ting ding ding
i m crazy frog :)
"oh yeah oh yeah...
 another wannabe, in hackerland!!!"

On 10/31/05, Pukhraj Singh <pukhraj.singh@gmail.com> wrote:

Lot of things can be done to evade IPS/IDS.

The tricks vary from protcol to protocol. The difference in the
decoding mechanism of security appliance and the application server
can lead to many evasion techniques. I have created and tested many
mutant exploits and they worked beautifully. The idea is to strike and
exploit some  fundamental concepts of logic and protocols which
IDS/IPS makers tend to ignore or is simply beyond their device
capability

Apparently, I haven't documented and organized the work I did.

But here is an introductory paper you should definitely read:
http://www.cs.ucsb.edu/~rsg/Hidra/Papers/2004_vigna_robertson_balzarotti_CCS04.pdf

--Pukhraj Singh


On 10/27/05, tcp fin <inet_inaddr@yahoo.com> wrote:

Hi Guys ,
Any tips and tricks or good article on IDS/IPS evasion
?
I have beautiful paper "Insertion, Evasion and Denial
of Service:
Eluding Network Intrusion detection".
I need some pointers on RPC based  evasion techniques.

Regards,
TCP FIN .




__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------





-

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RPC Evasion techniques, Pukhraj Singh
Next by Date:  Firstlight IPS, ayrster
Previous by Thread:  Re: RPC Evasion techniques, Pukhraj Singh
Next by Thread:  Re: RPC Evasion techniques, Pukhraj Singh
Indexes:  [Date] [Thread] [Top] [All Lists]