Content deleted Content added
Denial of Service - Operator Fatigue |
Payload obfuscation |
Line 9:
Most IDSs have been modified to detect or even reverse basic evasion techniques, but IDS evasion (and countering IDS evasion) are still active fields.
An IDS can be evaded by obfuscating or encoding the attack payload in a way that the target computer will reverse but the IDS will not. In the past, an adversary using the [[Unicode]] character could encode attack packets that an IDS would not recognize but that an [[Internet Information Services|IIS web server]] would decode and become attacked.▼
==Payload obfuscation==
▲An IDS can be evaded by obfuscating or encoding the attack payload in a way that the target computer will reverse but the IDS will not. In this way, an attacker can exploit the end host without alerting the IDS.An IDS can be evaded by obfuscating or encoding the attack payload in a way that the target computer will reverse but the IDS will not. In the past, an adversary using the [[Unicode]] character could encode attack packets that an IDS would not recognize but that an [[Internet Information Services|IIS web server]] would decode and become attacked.
[[Polymorphic code]] is another means to circumvent signature-based IDSs by creating unique attack patterns, so that the attack does not have a single detectable signature.
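Review bot: In the paragraph moved under ==Payload obfuscation==, the opening sentence "An IDS can be evaded by obfuscating or encoding the attack payload ..." appears twice, the second time run straight onto "without alerting the IDS." with no space. If that is how the saved revision reads rather than an effect of the moved-paragraph rendering, keep one copy and let "In this way, ..." lead into "In the past, ...". The historical example also needs tightening: "using the [[Unicode]] character" does not say which character or encoding is meant, "would decode and become attacked" is awkward, and the IIS claim carries no citation.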