Thermoptic Camouflage: Total IDS Evasion, presented at Black Hat USA 2005

by Brian Caswell,

Tags: Security

Summary: Intrusion detection systems have come a
long way since Ptacek and Newsham released their paper on eluding IDS,
but the gap between the attackers and the defenders has never been
wider. This presentation focuses on the two weakest links in the current
generation of intrusion detection solutions: application protocols and
resource limitations. Complex protocols often have the most dangerous
flaws, yet these protocols are barely supported by most intrusion
detection engines. Like any other networking component, intrusion
detection gear often has a "fast path" for normal traffic, and a "slow
path" for handling exceptions. By seeking out and finding the "slow
path", an attacker can control the resource usage of the system and
bypass nearly any state engine or signature. This presentation will dive
into practical attacks on the current generation of IDS and IPS
solutions and demonstrate just how evil a few extra packets can be.