-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --On Thursday, October 17, 2002 21:02:16 +0100 Dom De Vitto <domat_private> wrote:

[...]
> I'd also suggest you check out cutting edge anti-ids techniques,
> including using urgent data points and boundary anomalies to cause
> IDSs to reform data streams differently to OS IP stacks.
[...]
> Dom
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Dom De Vitto Tel. 07855 805 271
> http://www.devitto.com mailto:domat_private
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

I wouldn't want to nit-pick but in the case of stream reassembly evasion and NIDS evasion in general, those sorts of techniques are at least 4 years old. In the case of urgent data there still may be some valid evasion techniques lingering from historical implementations but their result will largely be an off-by-one in the handling of urgent data for strictly RFC compliant stacks.

An inline device, of course, doesn't suffer from these issues. It simply enforces a policy, including that of dropping packets that aren't quite right.

- -Jeff

- --
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE9sDrEEqr8+Gkj0/0RAowAAJ9CMfX/SeafPoLm6r3xpZ+8PC8U3QCgj2ZX
Y2klv4OiOwnejyRyHvk5+4I=
=ZY1H
-----END PGP SIGNATURE-----
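The urgent-data off-by-one and the inline-policy point from the message above, as an added example that is not part of the original post or any product's code. It assumes a simplified one-segment model in which a receiver pulls a single urgent byte out of band; the `Segment` class, function names and policy names are hypothetical.

```python
# Added illustration, not from the thread. Model and names are assumptions.
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class Segment:
    payload: bytes       # constructed sample data, not captured traffic
    urg: bool = False    # TCP URG flag
    urg_ptr: int = 0     # urgent pointer: offset from the segment's sequence number

CONVENTIONS = ("rfc793", "rfc1122", "inline")

def inband(seg: Segment, convention: str) -> bytes:
    """In-band bytes a receiver hands to the application.

    rfc793 : pointer names the octet following the urgent data, so the
             single out-of-band byte sits at offset urg_ptr - 1.
    rfc1122: pointer names the last urgent octet, i.e. offset urg_ptr.
    inline : urgent byte stays in the stream (SO_OOBINLINE behaviour).
    """
    if not seg.urg or convention == "inline":
        return seg.payload
    idx = seg.urg_ptr - 1 if convention == "rfc793" else seg.urg_ptr
    if not 0 <= idx < len(seg.payload):
        return seg.payload   # urgent byte is not inside this segment
    return seg.payload[:idx] + seg.payload[idx + 1:]

def views(seg: Segment) -> Dict[str, bytes]:
    """Reassembled stream under each interpretation."""
    return {c: inband(seg, c) for c in CONVENTIONS}

def is_ambiguous(seg: Segment) -> bool:
    """True when a passive sensor cannot know which stream the host saw."""
    return len(set(views(seg).values())) > 1

def enforce(seg: Segment, policy: str = "clear") -> Optional[Segment]:
    """Inline policy: pass unambiguous segments, else drop or strip URG."""
    if not is_ambiguous(seg):
        return seg
    if policy == "drop":
        return None
    return Segment(seg.payload, urg=False, urg_ptr=0)

SAMPLE = Segment(b"ABCDEFGH", urg=True, urg_ptr=4)   # constructed input
```

After `enforce`, every interpretation yields the same byte stream, which is why the inline device is not exposed to the reassembly mismatch a passive sensor has to guess at.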
This archive was generated by hypermail 2b30 : Sat Oct 19 2002 - 09:34:36 PDT