Full Disclosure mailing list archives
PAPER: Evading network-level emulation
From: "Piotr Bania" <bania.piotr () gmail com>
Date: Wed, 10 Jun 2009 17:17:58 +0200
ABSTRACT

Recently more and more attention has been paid to intrusion detection systems (IDS) which don't rely on a signature-based detection approach. Such solutions try to increase their defense level by using heuristic detection methods like network-level emulation. This technique allows intrusion detection systems to stop unknown threats, which normally couldn't be stopped by standard signature detection techniques.

In this article the author will describe general concepts of the network-level emulation technique, including its advantages and disadvantages (weak sides), together with potential countermeasures against this type of detection method.

The paper can be found at:
http://piotrbania.com/all/articles/pbania-evading-nemu2009.pdf

best regards,
pb

--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com - Key ID: 0xBE43AC33
--------------------------------------------------------------------

 - "The more I learn about men, the more I love dogs."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/