Intrusion Detection System evasion techniques are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection popularized IDS evasion, and discussed both evasion techniques and areas where the correct interpretation was ambiguous depending on the targeted computer system. The 'fragroute' and 'fragrouter' programs implement evasion techniques discussed in the paper. Many web vulnerability scanners, such as 'Nikto', 'whisker' and 'Sandcat', also incorporate IDS evasion techniques.
Most IDSs have been modified to detect or even reverse basic evasion techniques, but IDS evasion (and countering IDS evasion) are still active fields.
Read more about Intrusion Detection System Evasion Techniques: Obfuscating Attack Payload, Fragmentation and Small Packets, Overlapping Fragments, Protocol Violations, Inserting Traffic At The IDS, Denial of Service
Famous quotes containing the words system and/or techniques:
“Fear, coercion, punishment, are the masculine remedies for moral weakness, but statistics show their failure for centuries. Why not change the system and try the education of the moral and intellectual faculties, cheerful surroundings, inspiring influences? Everything in our present system tends to lower the physical vitality, the self-respect, the moral tone, and to harden instead of reforming the criminal.”
—Elizabeth Cady Stanton (1815–1902)
“The techniques of opening conversation are universal. I knew long ago and rediscovered that the best way to attract attention, help, and conversation is to be lost. A man who seeing his mother starving to death on a path kicks her in the stomach to clear the way, will cheerfully devote several hours of his time giving wrong directions to a total stranger who claims to be lost.”
—John Steinbeck (1902–1968)