
Cisco NIDS and Polymorphic shell code

s309973
Level 1

Not too long ago I found an article/whitepaper on the mitigation of polymorphic shellcode and Cisco IDS. However, I'll be damned if I can locate the text when I need it. Is there any Cisco documentation that talks about IDS and polymorphic shellcode? Impact, effectiveness, etc.?

Thanks in advance.

2 Replies

anthall
Level 1

I'm not aware of any documentation/whitepapers that discuss Cisco IDS and polymorphic shellcode, but I do know that it makes little difference to Cisco IDS. Signatures written for Cisco IDS don't target particular exploits, but rather the vulnerabilities that they exploit. Overflows occur because you put too much data into a parameter; CIDS signatures will look for data that is too large being put into a vulnerable parameter. This means that while an exploit that utilizes polymorphic shellcode might change as it propagates, CIDS will still trigger.

Is this the white paper you were looking for?

http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/prodlit/idssa_wp.htm

It is linked off this page on CCO under the WhitePapers section:

http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/prodlit/index.shtml
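
The first reply's point, that a signature keyed to the size of the vulnerable parameter still fires when the payload bytes change, shown as an added example (not Cisco's signature engine and not code from this thread). The `USER` command, the 64-byte limit, the placeholder payload bytes and the XOR re-encoding are all constructed assumptions.

```python
# Assumption: a hypothetical text protocol with a "USER <value>\r\n" command
# whose server-side buffer holds at most 64 bytes.
MAX_USER_LEN = 64
# Constructed placeholder for the byte string an exploit-specific signature keys on.
KNOWN_PAYLOAD = b"\xde\xad\xbe\xef" * 4


def xor_encode(payload: bytes, key: int) -> bytes:
    """Stand-in for a polymorphic encoder: same payload, different bytes per key."""
    return bytes(b ^ key for b in payload)


def build_request(payload: bytes) -> bytes:
    """Constructed oversized USER command: filler followed by the payload."""
    return b"USER " + b"A" * 200 + payload + b"\r\n"


def exploit_signature(request: bytes) -> bool:
    """Exploit-based: fires only if the known payload bytes appear verbatim."""
    return KNOWN_PAYLOAD in request


def vulnerability_signature(request: bytes) -> bool:
    """Vulnerability-based: fires when the USER value exceeds the buffer size."""
    if not request.startswith(b"USER "):
        return False
    value = request[5:].split(b"\r\n", 1)[0]
    return len(value) > MAX_USER_LEN


def evaluate(requests):
    """Return (exploit_signature, vulnerability_signature) results per request."""
    return [(exploit_signature(r), vulnerability_signature(r)) for r in requests]


# Constructed sample traffic.
SAMPLES = [
    b"USER alice\r\n",                               # benign login
    build_request(KNOWN_PAYLOAD),                    # payload in its original form
    build_request(xor_encode(KNOWN_PAYLOAD, 0x5A)),  # re-encoded variant
    build_request(xor_encode(KNOWN_PAYLOAD, 0xC3)),  # another re-encoded variant
]

if __name__ == "__main__":
    for req, (by_pattern, by_length) in zip(SAMPLES, evaluate(SAMPLES)):
        print(f"len={len(req):4d} pattern={by_pattern!s:5} length={by_length}")
```

The byte-pattern check misses both re-encoded variants, while the length check flags every oversized request and leaves the benign one alone.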