Re: RPC/TCP Record Marking for IDS Evasion

From: Robert Freeman (freem100at_private)
Date: Thu Jan 10 2002 - 23:52:50 PST

Next message: Andersen, Thomas Bjoern: "RE: OS X Shell Code"

Previous message: Meder Kydyraliev: "Re[2]: OS X Shell Code"
In reply to: diphenat_private: "RPC/TCP Record Marking for IDS Evasion"
Next in thread: Dug Song: "Re: RPC/TCP Record Marking for IDS Evasion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> So... The obvious question: What's an IDS that doesn't fully process RPC
> going to do if I split up my, say, buffer overflow, across 2 RPC
> Fragments?

It's not a new method, though you are right about its effect. I would be
curious to know how widely used this technique is.

Next message: Andersen, Thomas Bjoern: "RE: OS X Shell Code"
Previous message: Meder Kydyraliev: "Re[2]: OS X Shell Code"
In reply to: diphenat_private: "RPC/TCP Record Marking for IDS Evasion"
Next in thread: Dug Song: "Re: RPC/TCP Record Marking for IDS Evasion"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 08:40:55 PST