
Interesting thread on IDS Evasion

Unanswered Question
Mar 19th, 2004

Greetings,


There's an ongoing thread on the pen-test mailing list over at securityfocus.com involving what the original author suspects is shunning. (Thread index: http://www.securityfocus.com/archive/101/357990/2004-03-16/2004-03-22/1)


In a nutshell, the supposition is that a Cisco IDS is shunning the IP (range?) from which he is running his tests, which involve both "nmap" and "nikto."


What intrigues me is that some of the suggested evasion techniques (fragmentation, session splicing, encryption via SSL) are well known and, with the exception of SSL encrypted exploits, detected by Cisco IDS.


Discussions like this just make me like my sensors more and more... =)


Alex

mjuckett Mon, 03/22/2004 - 06:47

Thanks for posting that link. I found it very interesting.
