You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection
Systems (NIDS).
What is the best way to evade the NIDS?
A. Encryption
B. Protocol Isolation
C. Alternate Data Streams
D. Out of band signalling
When the NIDS encounters encrypted traffic, the only analysis it can perform is packet level analys
is, since the application layer contents are inaccessible. Given that exploits against todays networks are primarily targeted against network services (application layer entities), packet level analysis ends up doing very little to protect our core busine
ss assets.
References: