SCF Advanced Search

  • Total Posts: 37567
  • Total Topics: 12292
  • Online Today: 1138
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: IPS Countermeasures Fight Obfuscation, Evasion  (Read 1349 times)

0 Members and 1 Guest are viewing this topic.


  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
IPS Countermeasures Fight Obfuscation, Evasion
« on: 31. January 2013., 09:32:20 »
IPS Countermeasures Fight Obfuscation, Evasion

Before the advent of intrusion detection systems (IDS) and intrusion prevention systems (IPS), firewalls served as the primary technology to help organizations block unwanted traffic. With application-layer protocols lacking detection, attackers were able to disguise malicious traffic and remotely exploit applications. To stop these kinds of attacks, the security industry created IPS/IDS technologies to detect these attacks and block connections before any exploitation could occur.

Since the introduction of IPS, attackers have tried to find new ways to evade detections by these systems. One technique is fragmentation: The data that is normally sent in the channel is fragmented and is reconstructed only at the receiver’s end. It is possible to add the malicious traffic as part of the data that gets fragmented. When the data is reconstructed at the receiver, it can exploit the targeted application. Such fragmentation techniques could be applied in various protocols of the application layer.

The focus of IPS vendors recently is to address these issues and also stay ahead of attackers in spite of their obfuscation techniques. These evasions continued to evolve as attackers attacked application-layer protocols. By parsing client application-layer data, IPS can identify any payload that is injected and reduce the number of attacks.

The high number of attacks that the security industry has witnessed in the last few years shows the sophistication involved in writing the exploit code (malware, malicious scripts). Attackers reverse-engineer the workings of IPS detection mechanisms and develop attacks that fully understand the security application, and that take advantage of its features. Evasion has become a key strategy for attackers to avoid detection.

In a series of blogs we will look at the evasion technique of encoding, the process in which one character is paired with a code. When this character is encoded, the equivalent code for the character is displayed; this can be converted back to the original character by the process of decoding. Employing this technique, attackers have encoded complete payloads, thereby hiding the presence of exploit code. Encoding has become one of the major challenges of detection.

In this series we will explain the current methodologies employed in evading detection and prevention systems, an ideal system to detect and prevent these attacks, and McAfee’s solution to prevent these attacks.

Orginal article: Wednesday, January 30, 2013 at 3:25pm by Srikanth Veeraraghavan
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing !,8405.msg21475.html#msg21475

Samker's Computer Forum -

IPS Countermeasures Fight Obfuscation, Evasion
« on: 31. January 2013., 09:32:20 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising