Re: RPC/TCP Record Marking for IDS Evasion

From: Robert Freeman (
Date: 01/11/02

From: "Robert Freeman" <>
To: <>, <>
Date: Thu, 10 Jan 2002 23:52:50 -0800

> So... The obvious question: What's an IDS that doesn't fully process RPC
> going to do if I split up my, say, buffer overflow, across 2 RPC
> Fragments?

It's not a new method, though you are right about its effect. I would be
curious to know how widely used this technique is.