Vulnerability Development mailing list archives
Re: RPC/TCP Record Marking for IDS Evasion
From: "Robert Freeman" <freem100 () chapman edu>
Date: Thu, 10 Jan 2002 23:52:50 -0800
So... The obvious question: What's an IDS that doesn't fully process RPC going to do if I split up my, say, buffer overflow, across 2 RPC Fragments?
It's not a new method, though you are right about its effect. I would be curious to know how widely used this technique is.
Current thread:
- RPC/TCP Record Marking for IDS Evasion diphen (Jan 11)
- Re: RPC/TCP Record Marking for IDS Evasion Robert Freeman (Jan 11)
- Re: RPC/TCP Record Marking for IDS Evasion Dug Song (Jan 12)
- Re: RPC/TCP Record Marking for IDS Evasion Jeff Nathan (Jan 12)