Penetration Testing mailing list archives

Re: Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion?


From: vijay.upadhyaya () gmail com
Date: 30 Sep 2007 05:29:27 -0000

Oh yea, FRAGROUTE and similar tools are still being used to bypass the IDS/IPS.
Unfortunately, the problem is far more complex when we add fragmentation to any simple attack.
Success criteria for any security measures depend on simplicity, feasibility and performance.

In my experience I have found blocking the fragmented packets at the gateway to be the best solution. Sure, you will have
trouble with VPN, but that issue can be resolved by proper network architecture: have the VPN gateway come through a
different firewall that allows only VPN traffic through, and fragmented packets will be allowed there.

There was a paper on the Internet with some statistics on what percentage of traffic on the Internet is fragmented.

Hope this helps.
Regards, 
Vijay Upadhyaya 
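The gateway policy described in this post, as an added example that is not part of the original message: an IPv4 header is classified as a fragment when the MF flag is set or the fragment offset is non-zero, fragments are dropped at the general gateway, and only fragments arriving via the VPN path are accepted. The VPN gateway address range and the sample headers are constructed for the demo.

```python
import struct
from ipaddress import ip_address, ip_network

# Hypothetical address range of the VPN gateway path (assumption, not from the post).
VPN_GATEWAY_NET = ip_network("203.0.113.0/29")


def is_fragment(ipv4_header: bytes) -> bool:
    """Return True if the IPv4 header marks the packet as a fragment.

    The 16-bit field at offset 6 holds the flags (reserved, DF, MF) in its
    top three bits and the 13-bit fragment offset below them. A packet is a
    fragment when MF is set (all but the last fragment) or the offset is
    non-zero (the last fragment has MF clear but a non-zero offset).
    """
    flags_frag = struct.unpack("!H", ipv4_header[6:8])[0]
    more_fragments = (flags_frag >> 13) & 0x1
    fragment_offset = flags_frag & 0x1FFF
    return more_fragments == 1 or fragment_offset != 0


def gateway_verdict(ipv4_header: bytes) -> str:
    """Apply the post's policy at the general gateway.

    Unfragmented traffic passes; fragments are dropped unless they arrive
    from the VPN gateway path, which is the one place fragments are allowed.
    """
    if not is_fragment(ipv4_header):
        return "ACCEPT"
    src = ip_address(ipv4_header[12:16])
    if src in VPN_GATEWAY_NET:
        return "ACCEPT"  # VPN path may carry fragments (e.g. ESP/IKE overhead)
    return "DROP"


def build_header(src: str, flags: int, offset: int) -> bytes:
    """Construct a minimal 20-byte IPv4 header for the demo (constructed sample).

    flags is the 3-bit field: 0b010 = DF, 0b001 = MF. Checksum left at zero.
    """
    flags_frag = ((flags & 0x7) << 13) | (offset & 0x1FFF)
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 1500, 0x1234, flags_frag, 64, 17, 0,
        ip_address(src).packed, ip_address("198.51.100.10").packed,
    )


if __name__ == "__main__":
    for label, hdr in (
        ("first fragment from LAN host", build_header("192.0.2.5", 0b001, 0)),
        ("last fragment from LAN host", build_header("192.0.2.5", 0b000, 185)),
        ("unfragmented DF packet", build_header("192.0.2.5", 0b010, 0)),
        ("fragment from VPN gateway", build_header("203.0.113.2", 0b001, 0)),
    ):
        print(f"{label:30s} fragment={is_fragment(hdr)!s:5s} verdict={gateway_verdict(hdr)}")
```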
