focus-ids: IDS mailing list archives

Re: Foolin an IDS ?
From: Jose Nazario <jose () monkey org>
Date: Tue, 30 Nov 2004 07:49:44 -0500 (EST)

On Sat, 27 Nov 2004, Sec Traq wrote:

I have read a couple of papers on how to fool an IDS. One of them from
phrack. I find the subject really interesting and am considering it as
an MSc. project, but I need more advanced and technical papers. If any1
could advise ur help would be appreciated.

every year several technical, well designed papers emerge at usenix
security, RAID, and other IEEE and ACM conferences that work on the
problems raised by ptacek and newsham's seminal paper "insertion, evasion,
and denial of service". use scholar.google.com or citeseer and see who has
cited them. names to look for include malan, paxson, and others. everyone
invariably cites that paper, so following the reference track is the
easiest way to get lots of data on IDS "foolery" research.

i'm not familiar with what you've read, so i'm giving you generic advice.

________
jose nazario, ph.d.                     jose () monkey org
http://monkey.org/~jose/                http://infosecdaily.net/
