Re: RPC Evasion techniques

From: Dave Aitel (dave_at_immunitysec.com)
Date: 10/28/05

  • Next message: Planz: "Re: Proventia G400"
    Date: Fri, 28 Oct 2005 04:21:38 -0400
    To: tcp fin <inet_inaddr@yahoo.com>
    
    

    Here are two openoffice presentations on the subject.
    http://www.immunitysec.com/downloads/canvas_reference_implementation.sxi
    http://www.immunitysec.com/downloads/Practical_IDS_Evasion.sxi

    These sorts of things still work pretty well, especially against the
    faster IDS's, although the techniques are easier to do on DCE-RPC than
    ONCRPC.

    -dave

    tcp fin wrote:
    > Hi Guys ,
    > Any tips and tricks or good article on IDS/IPS evasion
    > ?
    > I have beautiful paper "Insertion, Evasion and Denial
    > of Service:
    > Eluding Network Intrusion detection".
    > I need some pointers on RPC based evasion techniques.
    >
    > Regards,
    > TCP FIN .
    >
    >
    >
    >
    > __________________________________
    > Yahoo! Mail - PC Magazine Editors' Choice 2005
    > http://mail.yahoo.com
    >
    >

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------


  • Next message: Planz: "Re: Proventia G400"