Re: RPC Evasion techniques
From: Dave Aitel (dave_at_immunitysec.com)
Date: 10/28/05
- Previous message: Evil Adam Smith: "On the definition of false positive - was: Re: location of an IPS"
- In reply to: tcp fin: "RPC Evasion techniques"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 Oct 2005 04:21:38 -0400 To: tcp fin <inet_inaddr@yahoo.com>
Here are two openoffice presentations on the subject.
http://www.immunitysec.com/downloads/canvas_reference_implementation.sxi
http://www.immunitysec.com/downloads/Practical_IDS_Evasion.sxi
These sorts of things still work pretty well, especially against the
faster IDS's, although the techniques are easier to do on DCE-RPC than
ONCRPC.
-dave
tcp fin wrote:
> Hi Guys ,
> Any tips and tricks or good article on IDS/IPS evasion
> ?
> I have beautiful paper "Insertion, Evasion and Denial
> of Service:
> Eluding Network Intrusion detection".
> I need some pointers on RPC based evasion techniques.
>
> Regards,
> TCP FIN .
>
>
>
>
> __________________________________
> Yahoo! Mail - PC Magazine Editors' Choice 2005
> http://mail.yahoo.com
>
>
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Previous message: Evil Adam Smith: "On the definition of false positive - was: Re: location of an IPS"
- In reply to: tcp fin: "RPC Evasion techniques"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
