Advanced Evasion Techniques

Thursday, June 16, 2011

Rod MacPherson

314f19f082e69886c20e31c70fe6dceb

 

I attended SC Congress Canada 2011 on Tuesday and Wednesday this week, and perhaps the most interesting talk I attended was Stonesoft and ICSA's Advanced Evasion Techniques.

Stonesoft discovered that with certain evasion techniques (particularly when combined in particular combinations) they could sneak common exploits past many (including their own, at the time) IDS/IPS systems.

They built a tool to repeat these tests on a variety of systems, and proved that with the right know how, and the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses.

Packet captures were sent to ICSA along with info so they could try to reproduce these results in their own labs. They did!

This is real and they foresee a not too distant future where things like botnet kits will have this as a checkbox feature.

These evasion techniques are not attacks on their own, but rather a sneaky way to get whatever attack you want to use past the network monitoring and policing systems to the target host.

It's not about the bad-guy asking "How can I hack in?", but "How can I hack in without being seen?"

Check out the research paper, and packet captures if you are really techie, at http://www.antievasion.com/

Cross-posted from Rod's Tech

Possibly Related Articles:
12537
IDS/IDP
Information Security
Botnets ICSA Monitoring IDS/IPS TCP Stonesoft Evasion Techniques
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.