
 

Research

Paper Abstract: Combining Evasion Techniques to Avoid Network Intrusion Detection Systems

Three different Network Intrusion Detection System (NIDS) evasion techniques were combined into a three-dimensional testing space. These evasion techniques manipulated the TCP/IP protocol instead of relying on application-specific evasions. A modified version of the Mendax program was used to send the ISAPI .printer attack in the clear to the target system. The evasion techniques used were segmentation of the attack into smaller packets, overlapping data in the packets, and the presence of presequence chaff. Presequence chaff, a technique derived from Mendax, places garbage data in the first packet, with sequence numbers lower than the session's starting sequence number. The testing space was run against a sample NIDS at three levels of sensitivity, revealing regions where the combined evasion techniques were not correctly detected.
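An added example, not code from the paper or from Mendax: a defender-side stream reassembler that handles segmented data, flags bytes numbered before session start, and reports overlaps whose copies disagree, since hosts differ in which copy they keep. The `Segment` type, the function names, and the sample bytes are assumptions; sequence numbers are treated as plain integers counted against a known session start.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    seq: int      # sequence number of the first payload byte
    data: bytes

def reassemble(segments, start_seq, policy="first"):
    """Rebuild the byte stream from start_seq on; return (stream, findings).

    policy is "first" (keep the earliest copy of an overlapped byte) or
    "last" (keep the latest). Sequence wraparound is ignored for brevity.
    """
    stream, findings = {}, []
    for idx, seg in enumerate(segments):
        off = seg.seq - start_seq
        if off < 0:
            # Bytes numbered before session start never reach the application.
            findings.append(("presequence", idx, min(-off, len(seg.data))))
        conflict_at = None
        for j, byte in enumerate(seg.data):
            pos = off + j
            if pos < 0:
                continue
            if pos in stream and stream[pos] != byte:
                if conflict_at is None:
                    conflict_at = pos
                if policy == "last":
                    stream[pos] = byte
            elif pos not in stream:
                stream[pos] = byte
        if conflict_at is not None:
            findings.append(("overlap_conflict", idx, conflict_at))
    out, pos = bytearray(), 0
    while pos in stream:          # stop at the first gap
        out.append(stream[pos])
        pos += 1
    return bytes(out), findings

def is_ambiguous(segments, start_seq):
    """True when the two overlap policies yield different streams."""
    return (reassemble(segments, start_seq, "first")[0]
            != reassemble(segments, start_seq, "last")[0])

# Constructed sample (benign request, not traffic from the paper).
START = 1000
SAMPLE = [
    Segment(990, b"JUNKJUNKJUGET "),   # 10 bytes below START, then real data
    Segment(1004, b"/inXXX"),
    Segment(1007, b"dex.html"),        # overlaps offsets 7-9 with other bytes
]
```

A sensor that matches signatures on only one of the two reassembled streams can miss content the end host actually receives, so `is_ambiguous` returning true is itself worth alerting on.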

 


