Content deleted Content added
→Operator Fatigue: format
Line 28:
=== Overlapping fragments and TCP segments ===
Another evasion technique is to craft a series of packets with [[Transmission Control Protocol|TCP sequence numbers]] configured to overlap. For example, the first packet will include 80 bytes of payload but the second packet's sequence number will be 76 bytes after the start of the first packet. When the target computer reassembles the TCP stream, they must decide how to handle the four overlapping bytes. Some operating systems will take the older data, and some will take the newer data.<ref name=":04" /> If the IDS doesn't reassemble the TCP in the same way as the target, it can manipulated into either missing a portion of the attack payload or seeing benign data inserted into the malicious payload, breaking the attack signature.<ref name=":12" /><ref name=":04" /> This technique can also be used with IP fragmentation in a similar manner.
d
=== Protocol ambiguities ===
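Review bot: the lone "d" on its own line between the overlapping-segments paragraph and "=== Protocol ambiguities ===" reads as a stray keystroke rather than content, so the revision should leave only a blank line there. This hunk sits in the "Overlapping fragments and TCP segments" section while the summary names "Operator Fatigue: format", so check that the edit touched only what was intended. The context paragraph also carries "it can manipulated", which should read "it can be manipulated", and "they must decide" refers to the singular "target computer".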