Talk:Intrusion detection system evasion techniques

Computer security: Computing Unassessed

This article is within the scope of WikiProject Computer security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer securityWikipedia:WikiProject Computer securityTemplate:WikiProject Computer securityComputer security ??? This article has not yet received a rating on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer security with: Article alerts are available, updated by AAlertBot. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

Computing Unassessed

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing ??? This article has not yet received a rating on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the project's importance scale.

My first wiki page - so I'm sure it will need some editing to comply with wiki standards. This page takes content from the Intrusion detection system entry and fleshes it out, and also fills in the missing Tiny Fragment Attack and Overlapping Fragment Attack entries requested on Wikipedia:Requested articles/Applied_arts_and_sciences/Computer_science,_computing,_and_Internet --Sgorton 21:08, 5 February 2007 (UTC)[reply]

this article needs some serious additions, there should be discussion of Dan Kaminsky's temporal ip fraging attacks, there should be mention of different web encodings, like chuncked encodings to evade, use of uuencoding in email, url encoding in uri's, double and tripple url encodings, gziping web pages, msrpc fragmentation, many IPSs simply look for jmp esp offsets, so changing the defaults on an exploit often works, playing games with TCP segmentation rules for accept first vs accept last can be used, mislabling file types, embedding one type in another (as seen on some of Alex Wheeler's AV bugs), unicode in url's, tunneling traffic using something like ip in ip often works (when applicable), encrypting connections to target hosts (e.g. attacking apache over ssl so the IPS cant see it), encoding a web page with java script and assembling offending content client side, double/tripple/etc encoding with java script...those are just a few off the top of my head, some of that is covered a little bit but it would be nice some of this added...I can try to add some of that as time permits --Michael Lynn 01:03, 21 March 2007 (UTC)[reply]

Sure, those would be good things to add in. Do you think that 'encoding' is part of 'obfuscation', or is its own top-level evasion category? I'm leaning toward the latter, particularly after your list of encoding-related techniques. I can try to add some when I have time, or you can, either way. --Sgorton 17:48, 22 March 2007 (UTC)[reply]