Intrusion Detection System evasion techniques are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous depending on the targeted computer system. The 'fragroute' and 'fragrouter' programs implement evasion techniques discussed in the paper. Many web vulnerability scanners, such as 'Nikto', 'whisker' and 'Sandcat', also incorporate IDS evasion techniques.

Most IDSs have been modified to detect or even reverse basic evasion techniques, but IDS evasion (and countering IDS evasion) are still active fields.

== Obfuscating attack payload ==

An IDS can be evaded by obfuscating or encoding the attack payload in a way that the target computer will reverse but the IDS will not. In the past, an adversary using Unicode characters could encode attack packets that an IDS would not recognize but that an IIS web server would decode, leaving the server exposed to the attack.

Polymorphic code is another means to circumvent signature-based IDSs by creating unique attack patterns, so that the attack does not have a single detectable signature.

Attacks over encrypted protocols such as HTTPS are obfuscated when the attack traffic itself is encrypted.

Intrusion detection systems often behave repetitively and can be avoided by anticipating their predictable patterns. Memorizing those patterns and then avoiding them can lead to a successful intrusion. [http://www.youtube.com/watch?v=tyzLHFkdv6E]
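The countermeasure to the payload encoding described in this section is for the IDS to canonicalize input the same way the protected server does before matching signatures. The following is an added example, not code from the original page or from any IDS product. The signature, function names and sample request paths are constructed for illustration, and a real normalizer must mirror the exact decoder of the server it protects.

```python
from urllib.parse import unquote_to_bytes

SIGNATURE = b"../"  # constructed signature used only for this demo

def decode_overlong(data: bytes) -> bytes:
    """Fold 2-byte overlong UTF-8 forms of ASCII (lead byte 0xC0/0xC1)
    back to the ASCII byte, as a lenient server-side decoder would."""
    out, i = bytearray(), 0
    while i < len(data):
        b = data[i]
        if b in (0xC0, 0xC1) and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(((b & 0x1F) << 6) | (data[i + 1] & 0x3F))
            i += 2
        else:
            out.append(b)
            i += 1
    return bytes(out)

def normalize(raw: bytes, max_rounds: int = 4):
    """Return (canonical bytes, decode rounds that changed the data, overlong seen)."""
    cur, rounds, overlong = raw, 0, False
    for _ in range(max_rounds):
        step = unquote_to_bytes(cur)       # one pass of percent-decoding
        fixed = decode_overlong(step)
        overlong = overlong or fixed != step
        if fixed == cur:                   # stable: nothing left to decode
            break
        cur, rounds = fixed, rounds + 1
    return cur.replace(b"\\", b"/"), rounds, overlong

def inspect(raw: bytes) -> dict:
    """Compare a raw-byte signature match with a match on canonical bytes."""
    canon, rounds, overlong = normalize(raw)
    return {
        "naive_match": SIGNATURE in raw,
        "normalized_match": SIGNATURE in canon,
        # Nested encoding or overlong UTF-8 is itself worth alerting on.
        "encoding_anomaly": rounds > 1 or overlong,
    }

# Constructed request paths: plain, encoded, double-encoded, overlong, benign.
SAMPLES = [b"/static/../conf", b"/static/%2e%2e%2fconf",
           b"/static/%252e%252e%252fconf", b"/static/..%c0%afconf",
           b"/static/report%20final.txt"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, inspect(s))
```

Matching on the canonical form catches the encoded variants that the raw-byte match misses, and the anomaly flag surfaces nested or overlong encodings even when no signature matches.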