Stealth encoding bypasses IDS protection
Source: TheRegister - Posted by Dave Wreski   
Intrusion Detection Cisco's Intrusion Detection System (IDS)is not the only technology that fails to protect ISS Web servers against stealth unicode attacks. An advisory by eEye Digital Security, reports that network and server sensors from ISS, Dragon Sensor 4.x, Snort (prior to version . . . Cisco's Intrusion Detection System (IDS)is not the only technology that fails to protect ISS Web servers against stealth unicode attacks. An advisory by eEye Digital Security, reports that network and server sensors from ISS, Dragon Sensor 4.x, Snort (prior to version 1.8.1) and components of Cisco Secure IDS are affected by the issue. Symantec and Network Associates have stated that their products are not vulnerable.

Links to patches and advisories from vendors affected by the issue have been collated by Security Focus and can be found here. Last week we reported that Cisco had to alert its customers about the problem only a day after announcing enhancements to its Secure IDS products..

In fact the non-standard method of encoding Web requests (called '%u'), which Microsoft's IIS supports but an IDS fails to decode, can allow the creation of an attack which bypasses the IDS set-ups of most vendors.

Read this full article at TheRegister

Only registered users can write comments.
Please login or register.

Powered by AkoComment!