Intrusion Detection System evasion techniques are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous depending on the targeted computer system. The 'fragroute' and 'fragrouter' programs implement evasion techniques discussed in the paper. Many web vulnerability scanners, such as 'Nikto', 'whisker' and 'Sandcat', also incorporate IDS evasion techniques.
Most IDSs have been modified to detect or even reverse basic evasion techniques, but IDS evasion (and countering IDS evasion) are still active fields.
Read more about Intrusion Detection System Evasion Techniques: Obfuscating Attack Payload, Fragmentation and Small Packets, Overlapping Fragments, Protocol Violations, Inserting Traffic At The IDS, Denial of Service
Famous quotes containing the words system and/or techniques:
“Exploitation and oppression is not a matter of race. It is the system, the apparatus of world-wide brigandage called imperialism, which made the Powers behave the way they did. I have no illusions on this score, nor do I believe that any Asian nation or African nation, in the same state of dominance, and with the same system of colonial profit-amassing and plunder, would have behaved otherwise.”
—Han Suyin (b. 1917)
“It is easy to lose confidence in our natural ability to raise children. The true techniques for raising children are simple: Be with them, play with them, talk to them. You are not squandering their time no matter what the latest child development books say about “purposeful play” and “cognitive learning skills.””
—Neil Kurshan (20th century)