|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Greg Hoglund (hoglund
IEWAY.COM)Date: Mon Jan 08 2001 - 12:31:05 CST
> Claim: Ptacek-Newsham tricks will evade NIDS.
> Reality: Hackers aren't using them - yet. Most cannot be easily
"scripted".
> As the attacks become more practical, so will the defenses.
I just wanted to chime in quickly on this point. No offence intended to
you, Robert - your other points were all dead-on and I fully agree.
However, this particular point is not correct. Most of the NIDS evasion
tricks are in use by hackers, and they are implemented via loadable modules
or NDIS drivers (in the case of NT). They exist - and I have seen examples
of them as far back as two years ago.
I'm sure the number of hackers NOT using these tricks far outweigh those
that do - which would explain your opinion -- but it's all a matter of
saturation. The fact is that it's as easily scripted as typing 'insmod'.
-Greg Hoglund
http://www.clicktosecure.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]