Defeating Network Intrusion Detection, presented at Black Hat USA 1998

by Thomas Ptacek

Tags: Security Monitoring

Summary: Network intrusion detection (ID), a technology that attempts to identify attackers by monitoring network traffic, is fast becoming one of the hottest products in the security market. Beneath the hype, however, lie some serious concerns about the reliability of currently available ID systems, as well as the fundamental techniques they use to collect information. This talk will explain why the most popular ID systems on the market can't be trusted, demonstrate how to avoid detection by them, and, in the process, eliminate some very widespread misunderstandings about the capabilities of sniffers and intrusion detection systems.