updated external links
remove proxy url that duplicates doi
=== Encoding and encryption ===
Application layer protocols like [[Hypertext Transfer Protocol|HTTP]] allow for multiple encodings of data which are interpreted as the same value. For example, the string "cgi-bin" in a [[Uniform Resource Locator|URL]] can be encoded as "%63%67%69%2d%62%69%6e" (i.e., in hexadecimal).<ref name=":12">{{Cite journal|last=Cheng|first=Tsung-Huan|last2=Lin|first2=Ying-Dar|last3=Lai|first3=Yuan-Cheng|last4=Lin|first4=Po-Ching|title=Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems
Attacks on encrypted protocols such as [[HTTPS]] cannot be read by an IDS unless the IDS has a copy of the private key used by the server to encrypt the communication.<ref name=":04">{{Cite journal|last=Ptacek|first=Thomas H.|last2=Newsham|first2=Timothy N.|date=1998-01-01|title=Insertion, evasion, and denial of service: Eluding network intrusion detection|url=http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.119.399&rank=1}}</ref> An IDS that does not account for this cannot match the encrypted traffic against its signatures.
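The encoding problem described above can be seen from the detection side in the following added example, which is not part of the original article: a signature matcher that percent-decodes the URL path before comparing it with the "cgi-bin" string. The function names, the sample URLs and the <code>max_rounds</code> parameter are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

# Toy signature list built from the article's own example string.
SIGNATURES = ["cgi-bin"]

def canonical_path(url, max_rounds=3):
    """Percent-decode the URL path until it stops changing.

    max_rounds bounds the work per request. Assumption: it should mirror
    how many decoding passes the protected server itself performs,
    otherwise the IDS and the server can still disagree about the value.
    """
    path = urlsplit(url).path
    for _ in range(max_rounds):
        # latin-1 maps every byte to one character, so decoding never fails
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    return path

def match_raw(url):
    """Naive matching on the bytes as they arrived on the wire."""
    return [sig for sig in SIGNATURES if sig in url]

def match_canonical(url):
    """Matching on the decoded path, i.e. the value the server will act on."""
    path = canonical_path(url)
    return [sig for sig in SIGNATURES if sig in path]

# Constructed sample requests (example.test is a reserved test domain).
SAMPLES = [
    "http://example.test/cgi-bin/status",                # plain form
    "http://example.test/%63%67%69%2d%62%69%6e/status",  # form quoted in the article
    "http://example.test/%63gi%2Dbin/status",            # partly encoded, upper-case hex
    "http://example.test/static/index.html",             # unrelated request
]

def report(urls=SAMPLES):
    """Return (url, raw_hit, canonical_hit) for each sample."""
    return [(u, bool(match_raw(u)), bool(match_canonical(u))) for u in urls]

if __name__ == "__main__":
    for url, raw_hit, canon_hit in report():
        print(f"raw={raw_hit!s:5} canonical={canon_hit!s:5} {url}")
```

Only the canonical matcher flags the encoded forms, and neither matcher flags the unrelated request.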