Re: RPC/TCP Record Marking for IDS Evasion
From: Robert Freeman (freem100@chapman.edu)Date: 01/11/02
- Previous message: Kurt Seifried: "How to hide a file ?"
- In reply to: diphen@agitation.net: "RPC/TCP Record Marking for IDS Evasion"
- Next in thread: Dug Song: "Re: RPC/TCP Record Marking for IDS Evasion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Robert Freeman" <freem100@chapman.edu> To: <diphen@agitation.net>, <vuln-dev@securityfocus.com> Date: Thu, 10 Jan 2002 23:52:50 -0800
> So... The obvious question: What's an IDS that doesn't fully process RPC
> going to do if I split up my, say, buffer overflow, across 2 RPC
> Fragments?
It's not a new method, though you are right about its effect. I would be
curious to know how widely used this technique is.
- Previous message: Kurt Seifried: "How to hide a file ?"
- In reply to: diphen@agitation.net: "RPC/TCP Record Marking for IDS Evasion"
- Next in thread: Dug Song: "Re: RPC/TCP Record Marking for IDS Evasion"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
