It looks like you're new here. If you want to get involved, click one of these buttons!
Just as the title says: Anyone know any techniques for circumventing a IDS/IDPS.
[IDS = Intrusion Detection System]
[Some companies call it a IDPS(Intrusion Detection/Prevention System)]
I'm not really much into "literal" hacking[yet] so don't wanna' try this just yet, but I'm wondering how this would be done?
And BTW - I can write a whitepaper on IDS/IDPS if anyone wants it...
'specially a heuristic one... or a active one[say blocks port X for X time until data stops, or just blocks(theoretically K:line/Z:line) the IP?]
What about a network-based one? [NIDS]? Wouldn't a properly set-up one be able to still block that?
but backdoors that use SSL are ideal for any scenario. Not in that it's more secure or anything stupid like that, it's just SSL will obfuscate the network traffic giving you a better chance of throwing off an IPS.
What about a network-based one? [NIDS]? Wouldn't a properly set-up one be able to still block that?
but backdoors that use SSL are ideal for any scenario. Not in that it's more secure or anything stupid like that, it's just SSL will obfuscate the network traffic giving you a better chance of throwing off an IPS.
No, unless if the company was stripping SSL on their own network, which would be retarded. All the NIPS will see is a bunch of garbage. I have never heard of a NIPS that can see SSL encrypted shell traffic.
I take back what I said, a combination of SSLv3 with TLS would be ideal for a backdoor, but at the same time, probably ridiculous to code.
On the other hand, I have seen an ssh backdoor before, granted if the ssh key was strong, that would suffice for evading a NIPS too.
Thanks for the info. Do you know of any company's that provide such solutions? I just wanna' read more up on this stuff. After what you've said makes it seem almost pointless for a company to even bother implementing such a solution.
Thanks :-)