| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jun 2009 17:17:58 +0200
From: "Piotr Bania" <bania.piotr@...il.com>
To: "FULLDISC" <full-disclosure@...ts.grok.org.uk>
Cc: SBUGTRAQ <bugtraq@...urityfocus.com>
Subject: PAPER: Evading network-level emulation
ABSTRACT
Recently more and more attention has been paid to the intrusion detection
systems (IDS) which don't rely on signature based detection approach. Such
solutions try to increase their defense level by using heuristics detection
methods like network-level emulation. This technique allows the intrusion
detection systems to stop unknown threats, which normally couldn't be
stopped by standard signature detection techniques.
In this article author will describe general concepts of network-level
emulation technique including its advantages and disadvantages (weak sides)
together with providing potential countermeasures against this type of
detection method.
Paper can be found at:
http://piotrbania.com/all/articles/pbania-evading-nemu2009.pdf
best regards,
pb
--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@...il.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com - Key ID: 0xBE43AC33
--------------------------------------------------------------------
- "The more I learn about men, the more I love dogs."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists