Re: Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion?

From: vijay.upadhyaya@gmail.com
Date: Sun Sep 30 2007 - 01:29:27 EDT


Oh yea, FRAGROUTE and similar tools are still being used to bypass the IDS/IPS.
Unfortunately, the problem is far more complex when we add fragmentation to any simple attack.
Success criteria for any security measure depend on simplicity, feasibility and performance.

In my experience, I have found blocking fragmented packets at the gateway to be the best solution. Sure, you will have trouble with VPN, but that issue can be resolved by a proper network architecture, with the VPN gateway coming through a different firewall that allows only VPN traffic through, and fragmented packets will be allowed there.

There was a paper on the Internet with some statistics on what percentage of traffic on the Internet is fragmented.

Hope this helps.
Regards,
Vijay Upadhyaya
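The gateway policy described in the post (drop fragmented packets at the perimeter, let them through only for the VPN gateway), as an added example that is not part of the original message. The VPN gateway address and the constructed test packets are assumptions; only the IPv4 header is parsed, since the MF flag and fragment offset are all the policy needs.

```python
import struct
from ipaddress import ip_address, ip_network

# Constructed: address of the VPN gateway that is allowed to send fragments
# (assumed value, not from the original post).
VPN_GATEWAY = ip_network("203.0.113.10/32")

def parse_ipv4(pkt: bytes) -> dict:
    """Return the fragmentation-relevant fields of an IPv4 header."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {
        "id": ident,
        "df": bool(flags_frag & 0x4000),      # Don't Fragment flag
        "mf": bool(flags_frag & 0x2000),      # More Fragments flag
        "offset": (flags_frag & 0x1FFF) * 8,  # fragment offset, in bytes
        "proto": proto,
        "src": ip_address(src),
        "dst": ip_address(dst),
    }

def is_fragment(hdr: dict) -> bool:
    # The first fragment has offset 0 but MF set; later fragments have a
    # non-zero offset (the last one with MF clear). Both cases must be caught.
    return hdr["mf"] or hdr["offset"] != 0

def gateway_verdict(pkt: bytes) -> str:
    """Policy from the post: drop fragments at the gateway, except VPN traffic."""
    hdr = parse_ipv4(pkt)
    if not is_fragment(hdr):
        return "ACCEPT"
    if hdr["src"] in VPN_GATEWAY:
        return "ACCEPT"  # fragments from the VPN gateway are expected
    return "DROP"

def build_ipv4(src, dst, ident, mf, offset_bytes, proto=6) -> bytes:
    """Constructed test packet: IPv4 header only, checksum left zero."""
    flags_frag = (0x2000 if mf else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, flags_frag,
                       64, proto, 0, ip_address(src).packed, ip_address(dst).packed)
```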




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:08 EDT