Talk:Intrusion detection system evasion techniques: Difference between revisions

 
==Untitled==
My first wiki page - so I'm sure it will need some editing to comply with wiki standards. This page takes content from the [[Intrusion detection system]] entry and fleshes it out, and also fills in the missing [[Tiny Fragment Attack]] and [[Overlapping Fragment Attack]] entries requested on [[Wikipedia:Requested articles/Applied_arts_and_sciences/Computer_science%2C_computing%2C_and_Internet]] --[[User:Sgorton|Sgorton]] 21:08, 5 February 2007 (UTC)
 
This article needs some serious additions. There should be discussion of Dan Kaminsky's temporal IP fragmentation attacks; there should be mention of different web encodings, like chunked encodings to evade, use of uuencoding in email, URL encoding in URIs, double and triple URL encodings, gzipping web pages, MSRPC fragmentation. Many IPSs simply look for jmp esp offsets, so changing the defaults on an exploit often works; playing games with TCP segmentation rules for accept-first vs accept-last can be used; mislabeling file types, embedding one type in another (as seen on some of Alex Wheeler's AV bugs), Unicode in URLs, tunneling traffic using something like IP-in-IP often works (when applicable), encrypting connections to target hosts (e.g. attacking Apache over SSL so the IPS can't see it), encoding a web page with JavaScript and assembling offending content client side, double/triple/etc. encoding with JavaScript... Those are just a few off the top of my head; some of that is covered a little bit, but it would be nice to have some of this added... I can try to add some of that as time permits --[[User:Abaddon314159|Michael Lynn]] 01:03, 21 March 2007 (UTC)
: Sure, those would be good things to add in. Do you think that 'encoding' is part of 'obfuscation', or is its own top-level evasion category? I'm leaning toward the latter, particularly after your list of encoding-related techniques. I can try to add some when I have time, or you can, either way. --[[User:Sgorton|Sgorton]] 17:48, 22 March 2007 (UTC)
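Added illustration of the "accept first vs accept last" TCP segmentation point raised above. This is constructed example code, not part of either comment and not from the article: two overlapping segments are fed to a toy reassembler that either keeps the first copy of each byte it received or lets later data overwrite it. The segment contents, the two policy names and the signature pattern are all assumptions made for the demo; real stacks apply more elaborate overlap rules than these two, which is exactly why an IDS has to reassemble the way the specific target host does.

```python
"""Overlapping TCP segments reassembled under two conflicting policies.

Constructed example (not from the article or this talk page).  If the IDS
and the target host disagree on how overlapping data is resolved, they
rebuild different streams from identical packets, and a content signature
that fires on one stream never sees the other.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int      # offset of the first byte, relative to the start of the stream
    data: bytes


def reassemble(segments, policy):
    """Rebuild the contiguous prefix of a stream from segments in arrival order.

    policy == "first": a byte already received is kept; later overlaps are ignored.
    policy == "last":  a later segment overwrites whatever was already there.
    Reassembly stops at the first missing byte (a hole).
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    buf = {}  # stream offset -> byte value
    for seg in segments:
        for i, b in enumerate(seg.data):
            off = seg.seq + i
            if policy == "last" or off not in buf:
                buf[off] = b
    out = bytearray()
    off = 0
    while off in buf:
        out.append(buf[off])
        off += 1
    return bytes(out)


def signature_hit(stream, pattern=b"/etc/passwd"):
    """Toy content signature: does the reassembled stream contain the pattern?"""
    return pattern in stream


# Constructed attacker traffic: the second segment re-sends bytes 4..14 with
# different content.  Whether an endpoint sees "/index.html" or "/etc/passwd"
# depends entirely on its overlap policy.
SEGMENTS = [
    Segment(0, b"GET /index.html HTTP/1.0\r\n"),
    Segment(4, b"/etc/passwd"),
]


def evaded(segments, ids_policy, target_policy):
    """True when the target sees the malicious stream but the IDS does not."""
    ids_view = reassemble(segments, ids_policy)
    target_view = reassemble(segments, target_policy)
    return signature_hit(target_view) and not signature_hit(ids_view)


if __name__ == "__main__":
    for policy in ("first", "last"):
        print(f"{policy:5}: {reassemble(SEGMENTS, policy)!r}")
    print("evaded (IDS=first, target=last):", evaded(SEGMENTS, "first", "last"))
```

Swapping the two policies (IDS accepts last, target accepts first) gives the mirror-image failure: the IDS alerts on a request the target never executed, which is the "insertion" half of Ptacek and Newsham's insertion/evasion pair.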
 
==Wiki Education Foundation-supported course assignment==
[[File:Sciences humaines.svg|40px]] This article is or was the subject of a Wiki Education Foundation-supported course assignment. Further details are available [[Wikipedia:Wiki_Ed/Northeastern_University/Advanced_Writing_for_the_Technical_Professions_(Spring_2016)|on the course page]]. Student editor(s): [[User:Pickyt|Pickyt]].
 
{{small|Above undated message substituted from [[Template:Dashboard.wikiedu.org assignment]] by [[User:PrimeBOT|PrimeBOT]] ([[User talk:PrimeBOT|talk]]) 00:45, 17 January 2022 (UTC)}}

== Plans for additions ==
 
Hi, I wanted to get some feedback on the edits I'm planning on making to this article (sometime between April 5th & 8th).
 
I'm planning to group techniques into 3 sections with subsections:
# Insertion and Evasion: Fragmentation & Small packets, Overlapping fragments and TCP segments, Protocol ambiguities, Low-bandwidth attacks
# Payload obfuscation: Encodings and Encryption, Polymorphism
# Denial of Service: CPU Exhaustion, Memory Exhaustion, Operator Fatigue
 
I'm also adding citations. Here's what I have so far:
* Ptacek, Thomas H.; Newsham, Timothy N. (1998-01-01). "Insertion, evasion, and denial of service: Eluding network intrusion detection".
* Cheng, Tsung-Huan; Lin, Ying-Dar; Lai, Yuan-Cheng; Lin, Po-Ching. "Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems". IEEE Communications Surveys & Tutorials 14 (4): 1011–1020. doi:10.1109/surv.2011.092311.00082.
* Corona, Igino; Giacinto, Giorgio; Roli, Fabio. "Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues". Information Sciences 239: 201–225. doi:10.1016/j.ins.2013.03.022.
* Chaboya, D. J.; Raines, R. A.; Baldwin, R. O.; Mullins, B. E. (2006-11-01). "Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion". IEEE Security Privacy 4 (6): 36–43. doi:10.1109/MSP.2006.159. ISSN 1540-7993.
 
If anyone has any pointers for papers to look at, I'd really appreciate it.
 
Let me know what you think, and thanks for your help! [[User:Pickyt|Pickyt]] ([[User talk:Pickyt|talk]]) 16:13, 1 April 2016 (UTC)
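Added illustration of the "Encodings" item under the proposed Payload obfuscation section (and of the chunked/double URL-encoding techniques listed earlier on this page). This is constructed example code, not part of the plan above and not from the article: a naive content signature is matched against a path that is percent-encoded once and twice, and against a body split across HTTP chunked-encoding chunks, then against the same data after normalisation. The request lines, chunk layout, signature strings and function names are assumptions for the demo.

```python
"""Encoding-based evasion of a naive content signature, and its normalisation.

Constructed example (not from the article or this talk page).  Inspection has
to decode and de-chunk before matching, and the number of percent-decoding
rounds must equal what the target server performs: too few and the double-
encoded payload slips through, too many and the IDS alerts on input the
server would never have decoded.
"""
from urllib.parse import unquote_to_bytes

TRAVERSAL_SIG = b"../"
BODY_SIG = b"../../etc/passwd"


def naive_match(sig, data):
    """Signature applied to the bytes on the wire, with no normalisation."""
    return sig in data


def decode_uri(path, rounds):
    """Apply percent-decoding `rounds` times, mimicking a server that decodes
    that many times (one pass is normal; some servers historically did two)."""
    for _ in range(rounds):
        path = unquote_to_bytes(path)
    return path


def normalized_match(sig, data, rounds):
    """Signature applied after `rounds` of percent-decoding."""
    return sig in decode_uri(data, rounds)


def dechunk(body):
    """Reassemble an HTTP/1.1 chunked body: <hex size>CRLF<bytes>CRLF ... 0CRLFCRLF."""
    out = bytearray()
    pos = 0
    while True:
        end = body.index(b"\r\n", pos)
        size = int(body[pos:end].split(b";")[0], 16)   # drop chunk extensions
        if size == 0:
            return bytes(out)
        start = end + 2
        out += body[start:start + size]
        pos = start + size + 2                          # skip the chunk's CRLF


# Constructed requests: the same traversal spelled three ways on the path,
# and once spread over two chunks of a request body.
ENCODED_PATHS = {
    "plain":  b"GET /../../etc/passwd HTTP/1.0",
    "single": b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.0",
    "double": b"GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.0",
}
CHUNKED_BODY = b"5\r\n../..\r\nb\r\n/etc/passwd\r\n0\r\n\r\n"


def evasion_report():
    """Which variants a signature catches raw, after 1 and after 2 decode rounds."""
    report = {}
    for name, req in ENCODED_PATHS.items():
        report[name] = {
            "raw": naive_match(TRAVERSAL_SIG, req),
            "decode1": normalized_match(TRAVERSAL_SIG, req, 1),
            "decode2": normalized_match(TRAVERSAL_SIG, req, 2),
        }
    report["chunked"] = {
        "raw": naive_match(BODY_SIG, CHUNKED_BODY),
        "dechunked": naive_match(BODY_SIG, dechunk(CHUNKED_BODY)),
    }
    return report


if __name__ == "__main__":
    for name, result in evasion_report().items():
        print(f"{name:8}: {result}")
```

The double-encoded path is the interesting row: one decoding round turns `%252e` into `%2e`, which still does not contain the signature, so an IDS that decodes exactly once is blind to a server that decodes twice.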
 
== External links modified ==
 
Hello fellow Wikipedians,
 
I have just modified one external link on [[Intrusion detection system evasion techniques]]. Please take a moment to review [[special:diff/810532826|my edit]]. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit [[User:Cyberpower678/FaQs#InternetArchiveBot|this simple FaQ]] for additional information. I made the following changes:
*Added archive https://web.archive.org/web/20070203195859/http://www.cirt.net/code/nikto.shtml to http://www.cirt.net/code/nikto.shtml
 
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
 
{{sourcecheck|checked=false|needhelp=}}
 
Cheers.—[[User:InternetArchiveBot|'''<span style="color:darkgrey;font-family:monospace">InternetArchiveBot</span>''']] <span style="color:green;font-family:Rockwell">([[User talk:InternetArchiveBot|Report bug]])</span> 21:07, 15 November 2017 (UTC)