From: lcamtuf at ghettot.org (Michal Zalewski)
Subject: Re: Bypassing "smart" IDSes with misdirected frames? (long and boring)

On Fri, 28 May 2004, Jim Bauer wrote:

> The IDS will not see a valid response to the "DATA" command (that is
> never received) so it will know it is still in SMTP command mode. Even
> if your not-so-smart IDS let this slip by, there is still the issue of
> "DEBUG" not being in a valid format for a header.

Which is precisely what I stated in the next paragraph. This is a naive
example, but illustrates a far broader and non-SMTP-specific problem quite
well. There are various protocols or attack vectors that do not involve
challenge-response communications (even the problem of distinguishing
between message body and message headers can be an example).

Cheers,
-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-05-28 18:19 --

   http://lcamtuf.coredump.cx/photo/current/