Not too long ago I found an article/whitepaper on the mitigation of polymorphic shellcode and Cisco IDS. However, I'll be damned if I can locate the text when I needed it. Is there any Cisco documentation that talks about IDS and polymorphic shellcode? Impact, effectiveness, etc?
I'm not aware of any documentation/whitepapers that discuss Cisco IDS and polymorphic shellcode, but I do know that it makes little difference to Cisco IDS. Signatures written for Cisco IDS don't target particular exploits, but rather the vulnerabilities that they exploit. Overflows occur because you put too much data into a parameter, so CIDS signatures will look for data that is too large being put into a vulnerable parameter. This means that while an exploit that utilizes polymorphic shellcode might change as it propagates, CIDS will still trigger.
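To illustrate the distinction the answer draws between vulnerability-based and exploit-based signatures, here is an added example (not code from the original thread or from Cisco) that runs both kinds of check over constructed request lines; the parameter name, the length limit and the payload tokens are all assumptions made up for the example, and the "payloads" are plain filler, not shellcode.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed for this example: the parameter the hypothetical vulnerability
# lives in, and the largest value the affected code can hold safely.
VULN_PARAM = "user"
MAX_LEN = 64

# Constructed stand-in for an exploit-specific byte pattern.
KNOWN_PAYLOAD = "PAYLOAD_V1"


def vuln_signature(request_line: str) -> bool:
    """Vulnerability-based check, as the answer describes for CIDS:
    fire when the vulnerable parameter carries more data than the
    affected code can hold, regardless of what the bytes are."""
    path = request_line.split(" ")[1]
    params = parse_qs(urlsplit(path).query, keep_blank_values=True)
    return any(len(v) > MAX_LEN for v in params.get(VULN_PARAM, []))


def exploit_signature(request_line: str, pattern: str = KNOWN_PAYLOAD) -> bool:
    """Exploit-based check: fire only when one known payload string
    appears verbatim. A payload that re-encodes itself on each
    propagation defeats this, but not the length check above."""
    return pattern in request_line


# Constructed sample traffic: the same oversized write into the same
# parameter, with two different filler payloads standing in for two
# encodings of a polymorphic payload, plus one benign request.
VARIANT_A = f"GET /login?user={'A' * 200}PAYLOAD_V1 HTTP/1.1"
VARIANT_B = f"GET /login?user={'B' * 200}PAYLOAD_V2 HTTP/1.1"
BENIGN = "GET /login?user=alice HTTP/1.1"


def evaluate(request_line: str) -> dict:
    """Return which of the two signature styles fires for a request."""
    return {
        "vuln_sig": vuln_signature(request_line),
        "exploit_sig": exploit_signature(request_line),
    }


if __name__ == "__main__":
    for name, line in [("A", VARIANT_A), ("B", VARIANT_B), ("benign", BENIGN)]:
        print(name, evaluate(line))
```

Running it shows the exploit-style pattern fires only on the first variant, while the length-based check fires on both variants and stays quiet on the benign request.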