Penetration Testing mailing list archives
Re: Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion?
From: vijay.upadhyaya () gmail com
Date: 30 Sep 2007 05:29:27 -0000
Oh yeah, FRAGROUTE and similar tools are still being used to bypass the IDS/IPS. Unfortunately, the problem is far more complex when we add fragmentation to any simple attack. Success criteria for any security measure depend on simplicity, feasibility and performance.

In my experience I have found blocking the fragmented packets at the gateway to be the best solution. Sure, you will have trouble with VPN, but that issue can be resolved by proper network architecture, having the VPN gateway come through a different firewall that allows only VPN traffic through, and fragmented packets will be allowed.

There was a paper on the Internet with some statistics on what percentage of traffic on the Internet is fragmented.

Hope this helps.

Regards,
Vijay Upadhyaya
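The gateway policy described in the message above, as an added example that is not part of the original post: it reads the IPv4 flags/fragment-offset field and drops every fragment unless it arrives on the dedicated VPN leg. The interface names (`vpn0`, `wan0`), the sample headers and the fail-closed handling of unparseable input are assumptions made for illustration.

```python
import struct

MF_FLAG = 0x2000           # "more fragments" bit in the flags/offset field
OFFSET_MASK = 0x1FFF       # 13-bit fragment offset, counted in 8-byte units
VPN_INTERFACES = {"vpn0"}  # hypothetical name for the VPN-only firewall leg


def build_ipv4_header(src, dst, proto, ident, mf=False, offset_units=0):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    flags_frag = (MF_FLAG if mf else 0) | (offset_units & OFFSET_MASK)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident,
                       flags_frag, 64, proto, 0, bytes(src), bytes(dst))


def fragment_info(packet):
    """Return (is_fragment, more_fragments, byte_offset) for an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    more = bool(flags_frag & MF_FLAG)
    offset = (flags_frag & OFFSET_MASK) * 8
    # First fragment: MF set, offset 0. Later fragments: offset > 0.
    return (more or offset > 0), more, offset


def gateway_verdict(packet, in_interface):
    """Drop every fragment except on the dedicated VPN leg."""
    try:
        is_frag, _, _ = fragment_info(packet)
    except ValueError:
        return "DROP"  # assumption: fail closed on anything that does not parse
    if is_frag and in_interface not in VPN_INTERFACES:
        return "DROP"
    return "ACCEPT"


# Constructed sample headers using documentation address ranges.
SRC, DST = (192, 0, 2, 10), (198, 51, 100, 20)
WHOLE = build_ipv4_header(SRC, DST, 6, 1)                     # unfragmented
FIRST_FRAG = build_ipv4_header(SRC, DST, 6, 2, mf=True)       # MF=1, offset 0
LAST_FRAG = build_ipv4_header(SRC, DST, 6, 2, offset_units=3) # MF=0, offset 24

if __name__ == "__main__":
    for name, pkt in (("whole", WHOLE), ("first", FIRST_FRAG), ("last", LAST_FRAG)):
        print(name, gateway_verdict(pkt, "wan0"), gateway_verdict(pkt, "vpn0"))
```

Checking only for a non-zero offset would let the first fragment through, so the test covers both the MF bit and the offset.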