Intrusion Detection System evasion techniques are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous depending on the targeted computer system. The 'fragroute' and 'fragrouter' programs implement evasion techniques discussed in the paper. Many web vulnerability scanners, such as 'Nikto', 'whisker' and 'Sandcat', also incorporate IDS evasion techniques.
Most IDSs have been modified to detect or even reverse basic evasion techniques, but IDS evasion (and countering IDS evasion) are still active fields.
Read more about Intrusion Detection System Evasion Techniques: Obfuscating Attack Payload, Fragmentation and Small Packets, Overlapping Fragments, Protocol Violations, Inserting Traffic At The IDS, Denial of Service
Famous quotes containing the words system and/or techniques:
“All who wish to hand down to their children that happy republican system bequeathed to them by their revolutionary fathers, must now take their stand against this consolidating, corrupting money power, and put it down, or their children will become hewers of wood and drawers of water to this aristocratic ragocracy.”
—Andrew Jackson (1767–1845)
“The techniques of opening conversation are universal. I knew long ago and rediscovered that the best way to attract attention, help, and conversation is to be lost. A man who seeing his mother starving to death on a path kicks her in the stomach to clear the way, will cheerfully devote several hours of his time giving wrong directions to a total stranger who claims to be lost.”
—John Steinbeck (1902–1968)