Intrusion Detection System evasion techniques are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous depending on the targeted computer system. The 'fragroute' and 'fragrouter' programs implement evasion techniques discussed in the paper. Many web vulnerability scanners, such as 'Nikto', 'whisker' and 'Sandcat', also incorporate IDS evasion techniques.
Most IDSs have been modified to detect or even reverse basic evasion techniques, but IDS evasion (and countering IDS evasion) are still active fields.
Read more about Intrusion Detection System Evasion Techniques: Obfuscating Attack Payload, Fragmentation and Small Packets, Overlapping Fragments, Protocol Violations, Inserting Traffic At The IDS, Denial of Service
Famous quotes containing the words system and/or techniques:
“You and I ... are convinced of the fact that if our Government in Washington and in a majority of the States should revert to the control of those who frankly put property ahead of human beings instead of working for human beings under a system of government which recognizes property, the nation as a whole would again be in a bad situation.”
—Franklin D. Roosevelt (1882–1945)
“The techniques of opening conversation are universal. I knew long ago and rediscovered that the best way to attract attention, help, and conversation is to be lost. A man who seeing his mother starving to death on a path kicks her in the stomach to clear the way, will cheerfully devote several hours of his time giving wrong directions to a total stranger who claims to be lost.”
—John Steinbeck (1902–1968)