Cisco Support Community

Interesting thread on IDS Evasion

Greetings,

There's an ongoing thread on the pen-test mailing list over at securityfocus.com involving what the original author suspects is shunning. (Thread index: http://www.securityfocus.com/archive/101/357990/2004-03-16/2004-03-22/1)

In a nutshell, the supposition is that a Cisco IDS is shunning the IP (range?) from which he is running his tests, which involve both "nmap" and "nikto."

What intrigues me is that some of the suggested evasion techniques (fragmentation, session splicing, encryption via SSL) are well known and, with the exception of SSL-encrypted exploits, detected by Cisco IDS.

Discussions like this just make me like my sensors more and more... =)

Alex

1 REPLY

Re: Interesting thread on IDS Evasion

Thanks for posting that link. I found it very interesting.
