Cisco Support Community

New Member

Cisco NIDS and Polymorphic shell code

Not too long ago I found an article/whitepaper on the mitigation of polymorphic shellcode and Cisco IDS. However, I'll be damned if I can locate the text when I needed it. Is there any Cisco documentation that talks about IDS and polymorphic shellcode? Impact, effectiveness, etc?

Thanks in advance.

Cisco Employee

Re: Cisco NIDS and Polymorphic shell code

I'm not aware of any documentation/whitepapers that discuss Cisco IDS and polymorphic shellcode, but I do know that it makes little difference to Cisco IDS. Signatures written for Cisco IDS don't target particular exploits, but rather the vulnerabilities that they exploit. Overflows occur because you put too much data into a parameter; CIDS signatures will look for data that is too large being put into a vulnerable parameter. This means that while an exploit that utilizes polymorphic shellcode might change as it propagates, CIDS will still trigger.
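The distinction drawn in the reply above, as an added example that is not part of the original thread and is not an actual Cisco IDS signature: a byte-pattern check and a parameter-length check run over two constructed, inert payloads that differ only in how the body is encoded. The `USER` command, the 64-byte limit, and all function names are assumptions made for illustration.

```python
# Assumption: a hypothetical line protocol "USER <name>\r\n" whose server
# copies <name> into a 64-byte buffer. The limit is illustrative only.
MAX_USER_LEN = 64


def exploit_signature(payload: bytes, known_pattern: bytes) -> bool:
    """Exploit-specific check: fires only when a known byte pattern appears."""
    return known_pattern in payload


def vulnerability_signature(payload: bytes) -> bool:
    """Vulnerability-based check: fires when any USER argument is too long,
    regardless of what bytes the argument contains."""
    for line in payload.split(b"\r\n"):
        verb, _, arg = line.partition(b" ")
        if verb.upper() == b"USER" and len(arg) > MAX_USER_LEN:
            return True
    return False


def reencode(body: bytes, key: int) -> bytes:
    """Stand-in for a polymorphic engine: same length, different bytes."""
    return bytes(b ^ key for b in body)


def evaluate() -> dict:
    """Run both checks over constructed samples and return the verdicts."""
    body = b"A" * 200                    # constructed, inert filler
    pattern = body[:16]                  # what a pattern signature was written for
    samples = {
        "variant_a": b"USER " + body + b"\r\n",
        "variant_b": b"USER " + reencode(body, 0x5A) + b"\r\n",
        "benign": b"USER alice\r\n",
    }
    return {
        name: {
            "exploit_sig": exploit_signature(data, pattern),
            "vuln_sig": vulnerability_signature(data),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:10s} {verdict}")
```

The re-encoded variant slips past the pattern check but still trips the length check, because the oversized argument is what the vulnerability requires.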

Cisco Employee

Re: Cisco NIDS and Polymorphic shell code

Is this the white paper you were looking for?

It is linked off this page on CCO under the WhitePapers section: