You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

Combining Evasion Techniques to Avoid Network Intrusion Detection Systems

Tags:
network security

Overview Three different Network Intrusion Detection System (NIDS) evasion techniques were combined into a three-dimensional testing space. These evasion techniques manipulated the TCP/IP protocol instead of relying on application-specific evasions. A modified version of the Mendax program was used to send the ISAPI .printer attack in the clear to the target system. The evasion techniques used were segmentation of the attack into smaller packets, overlapping data in the packets, and the presence of "Presequence chaff". Derived from Mendax, presequence chaff places garbage data in the first packet, with sequence numbers less than session start. The testing space was run against a sample NIDS at three levels of sensitivity, showing regions where the combined evasion techniques were not correctly detected.

Further White Paper Details
Publisher	Skaion	File Format	PDF
Date Published	March 2003
Format	White Papers
Topics	Network Security, Security Tools, Intrusion Detection Systems

Did you find this white paper useful? 4 out of 7 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Security: New strides in preventing intrusions.

Publisher:
IBM

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

County Government Increases the Security of Its Network

Publisher:
Microsoft

Where is the mysterious internet code coming from?

That would leave us to believe that there is something out there that is creating the [data] packets that isn't this Trojan. None of the operating systems are going to start with a window size of that [55,808 bytes] size," said Joe Stewart, senior...

Channel:
LANs
Tags:
mysterious,
iana,
lurhq,
iss

Hackers get anonymity boost

The packet would contain a message indicating to the third-party server that a computer wants to start a communications session. The header is the part of data packets that tells network hardware and servers how to handle the information.

Can I be your MSN Messenger buddy? And look at your hard drive too…

If an attacker sent a particular sequence of packets to a server running Media Services 4.1, it could interrupt any video streams. The vulnerability in MSN Messenger versions 6.0 and 6.1 could let an attacker view the contents of a victim's hard...

Channel:
Desktops

Script kiddies learn grown-up hacking techniques

A more sophisticated security product such as an Intrusion Detection System, which can examine the contents of each packet of data, may give more protection. By entering particular queries against the Web site, the database gives error messages...

Cracked: The Great Firewall of China

The researchers found it was possible to circumvent the Chinese intrusion detection systems (IDS) by ignoring the forged TCP resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.

VoIP threats to watch out for

Examples of hacks for SIP include registration hijacking, which allows a hacker to intercept incoming calls and reroute them; message tampering, which allows a hacker to modify data packets travelling between SIP addresses; and session tear-down...

Live Webcast: Telecoms 2.0 - Where is telecoms heading?

In this webcast, our panel of experts will review where we are with next generation telecoms in the UK, working through the concept of 'Telecoms 2.0': - Realising the potential of Next Generation Networks - why it isn't just about the technology? - What attributes should firms be looking for in their telco partner? - Is the relationship between telco provider and customer changing? - What things need to happen to make next generation services a reality? - You say you want the supplier to change. Do you want to change too? - What is Telecoms 2.0?

Publisher:
ZDNet UK

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Network Security White Papers

Combining Evasion Techniques to Avoid Network Intrusion Detection Systems

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific