Content deleted Content added
Line 18:
Polymorphic attacks don't have a single detectable signature, making them very difficult for signature-based IDS, and even some anomaly-based IDS, to detect.<ref name=":12" /><ref name=":32" /> [[Shikata ga nai]] ("it cannot be helped") is a popular polymorphic encoder in the [[Metasploit Project|Metasploit]] framework used to convert malicious [[shellcode]] into difficult-to-detect polymorphic shellcode using XOR additive feedback.<ref>{{cite web|url=http://www.rapid7.com/db/modules/encoder/x86/shikata_ga_nai|title=Polymorphic XOR Additive Feedback Encoder|work=rapid7.com}}</ref>
==
Attackers can evade IDS by crafting packets in such a way that the end host interprets the attack payload correctly while the IDS either interprets the attack incorrectly or determines that the traffic is benign too quickly.<ref name=":04" />
| |||