Intrusion Detection System Evasion Techniques - Fragmentation and Small Packets

Fragmentation and Small Packets

One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets with small payloads. The 'whisker' evasion tool calls crafting packets with small payloads 'session splicing'.

By themselves, small packets will not evade an IDS that reassembles packet streams. However, small packets can be further modified to complicate reassembly and detection. One evasion technique is to pause between sending parts of the attack, hoping that the IDS will time out and discard its partial stream before the target computer does. A second evasion technique is to send the packets out of order, which confuses simple packet reassemblers but not the target computer, whose TCP stack reorders them by sequence number.
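The following Python sketch is an added illustration, not code from the original article: it contrasts a per-packet matcher with a small stream reassembler that tolerates out-of-order segments and enforces an idle timeout, using a constructed trace and a constructed sample signature. The `Segment` model, the chunk size and the timeout values are assumptions made for the demonstration.

```python
from dataclasses import dataclass

SIGNATURE = b"SAMPLE-SIG-MATCH"   # constructed 16-byte sample pattern


@dataclass
class Segment:
    seq: int      # sequence number of the first payload byte
    t: float      # arrival time at the sensor, in seconds
    data: bytes


def per_packet_match(segments, signature=SIGNATURE):
    """Naive detector: inspects each segment in isolation."""
    return any(signature in s.data for s in segments)


def reassembled_match(segments, idle_timeout, signature=SIGNATURE):
    """Stream detector: buffers segments by seq (so out-of-order arrival is
    harmless), drops the partial stream when the gap between arrivals exceeds
    idle_timeout, then scans only the contiguous bytes it can rebuild."""
    buf, last_t = {}, None
    for s in sorted(segments, key=lambda x: x.t):        # wire order
        if last_t is not None and s.t - last_t > idle_timeout:
            buf.clear()                                  # sensor gave up
        last_t = s.t
        buf[s.seq] = s.data
    stream, expected = b"", (min(buf) if buf else 0)
    for seq in sorted(buf):                              # stop at a hole
        if seq != expected:
            break
        stream += buf[seq]
        expected += len(buf[seq])
    return signature in stream


def spliced_trace(payload, chunk=4, pause=5.0):
    """Constructed wire trace: payload in small segments, the 2nd and 3rd
    arriving swapped, and a pause inserted before the last two arrivals."""
    pieces = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    segs = [Segment(i * chunk, float(i), p) for i, p in enumerate(pieces)]
    segs[1].t, segs[2].t = segs[2].t, segs[1].t
    for s in segs:
        if s.t >= 2:
            s.t += pause
    return segs


if __name__ == "__main__":
    trace = spliced_trace(SIGNATURE)
    print("per-packet:", per_packet_match(trace))                        # False
    print("reassembled, 3 s timeout:", reassembled_match(trace, 3.0))    # False
    print("reassembled, 10 s timeout:", reassembled_match(trace, 10.0))  # True
```

The last two calls show the timeout mismatch the text describes: a sensor whose reassembly timeout is shorter than the pause discards the first half of the stream and never sees the full pattern, while one that holds partial streams at least as long as the target does still matches.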
