05-30-2002 06:31 AM - edited 03-08-2019 10:47 PM
Not too long ago I found an article/whitepaper on the mitigation of polymorphic shellcode and Cisco IDS. However, I'll be damned if I can locate the text when I need it. Is there any Cisco documentation that talks about IDS and polymorphic shellcode? Impact, effectiveness, etc.?
Thanks in advance.
05-30-2002 07:22 AM
I'm not aware of any documentation/whitepapers that discuss Cisco IDS and polymorphic shellcode, but I do know that it makes little difference to Cisco IDS. Signatures written for Cisco IDS don't target particular exploits, but rather the vulnerabilities that they exploit. Overflows occur because you put too much data into a parameter; CIDS signatures will look for data that is too large being put into a vulnerable parameter. This means that while an exploit that utilizes polymorphic shellcode might change as it propagates, CIDS will still trigger.
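The distinction drawn in the reply above, as an added example that is not part of the original thread and is not Cisco IDS signature code: a byte-pattern signature for one exploit variant is compared with a length check on the vulnerable parameter. The `USER` command, the 64-byte limit, the XOR re-encoding and all sample bytes are constructed assumptions.

```python
# Added illustration: the protocol, command and size limit are constructed assumptions.
VULN_COMMAND = b"USER "   # hypothetical command whose argument is copied unchecked
MAX_SAFE_ARG = 64         # assumed size of the destination buffer in the service

# Bytes seen in one captured exploit variant (constructed placeholder, not real shellcode).
KNOWN_VARIANT_BYTES = bytes([0x41, 0x42, 0x43, 0x44, 0x45, 0x46])


def xor_encode(body: bytes, key: int) -> bytes:
    """Stand-in for a polymorphic encoder: same length, different bytes per key."""
    return bytes(b ^ key for b in body)


def build_request(arg: bytes) -> bytes:
    return VULN_COMMAND + arg + b"\r\n"


def exploit_signature(request: bytes) -> bool:
    """Exploit-specific: fires only on the byte pattern of one known variant."""
    return KNOWN_VARIANT_BYTES in request


def vulnerability_signature(request: bytes) -> bool:
    """Vulnerability-specific: fires when the vulnerable argument is too long."""
    if not (request.startswith(VULN_COMMAND) and request.endswith(b"\r\n")):
        return False
    arg = request[len(VULN_COMMAND):-2]
    return len(arg) > MAX_SAFE_ARG


def evaluate(samples: dict) -> dict:
    """Return {name: (exploit_hit, vulnerability_hit)} for each sample request."""
    return {name: (exploit_signature(r), vulnerability_signature(r))
            for name, r in samples.items()}


OVERSIZED = KNOWN_VARIANT_BYTES * 40  # 240 bytes, well past MAX_SAFE_ARG
SAMPLES = {
    "benign login": build_request(b"alice"),
    "original variant": build_request(OVERSIZED),
    "re-encoded 0x5a": build_request(xor_encode(OVERSIZED, 0x5A)),
    "re-encoded 0x33": build_request(xor_encode(OVERSIZED, 0x33)),
}

if __name__ == "__main__":
    for name, hits in evaluate(SAMPLES).items():
        print(f"{name:18} exploit_sig={hits[0]!s:5} vuln_sig={hits[1]}")
```

The byte-pattern check misses both re-encoded requests, while the length check fires on all three oversized ones and stays quiet on the normal login.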
05-30-2002 08:16 AM
Is this the white paper you were looking for?
http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/prodlit/idssa_wp.htm
It is linked off this page on CCO under the WhitePapers section:
http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/prodlit/index.shtml