In which of the following IDS evasion techniques does IDS reject the packets that an end
system accepts?
A. IPS evasion technique
B. IDS evasion technique
C. UDP evasion technique
D. TTL evasion technique
Explanation:
Reference: http://is.muni.cz/th/172999/fi_m/MT_Bukac.pdf (page 24)
When an IDS rejects a packet, how did an IDS evasion technique take place?
B. IDS evasion technique
Reference: http://is.muni.cz/th/172999/fi_m/MT_Bukac.pdf (page 24)
Answer is D.
Check Module 13, page 452…
D for sure
I don’t know the details of “TTL evasion technique.”
But, I think it might be like this:
Imagine one payload: “ATBTACK”
An attacker sends “A”, “T”, “B”, “T”, “A”, “C”, “K” to the target machine, but he or she manipulates the “B” packet (sets its TTL to exactly the number of hops arrived at the IDS to make the IDS drop this “B” packet) to make the whole attack payload look like “ATBTACK” in the IDS’s eyes.
However, the payload will be assembled at the target machine as “ATTACK” because the “B” packet is dropped by the IDS earlier.
In a circumstance without an IDS, the target machine should receive “ATBTACK” instead of just “ATTACK.” That is why “IDS reject the packets that an end system accepts.”
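
An added example, not part of the original question or any comment: a sensor-side check that compares the stream a TTL-blind sensor inspects with the stream the end system will actually receive, using the “ATBTACK” / “ATTACK” payload from the last comment. The names (`Segment`, `audit_flow`), the hop count of 3 and the TTL values are assumptions made for illustration, and segments are joined in arrival order rather than by TCP sequence number.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    index: int           # arrival order at the sensor
    data: str            # payload bytes, shown as text for readability
    ttl_at_sensor: int   # IP TTL value as observed on the sensor's link

def reaches_host(seg, hops_to_host):
    # Every router between sensor and host decrements TTL and discards the
    # packet when it hits 0, so it survives h routers only if TTL > h.
    return seg.ttl_at_sensor > hops_to_host

def sensor_stream(segments):
    # A sensor that ignores TTL inspects everything it captured.
    return "".join(s.data for s in segments)

def host_stream(segments, hops_to_host):
    # TTL-aware normalization: keep only what the end system will receive.
    return "".join(s.data for s in segments if reaches_host(s, hops_to_host))

def audit_flow(segments, hops_to_host, signature):
    raw = sensor_stream(segments)
    normalized = host_stream(segments, hops_to_host)
    return {
        "expired_before_host": [s.index for s in segments
                                if not reaches_host(s, hops_to_host)],
        "views_diverge": raw != normalized,
        "hit_on_raw": signature in raw,
        "hit_on_normalized": signature in normalized,
    }

# Constructed sample: sensor sits 3 router hops in front of the host
# (assumed known from the network map); segment 2 carries a short TTL.
HOPS = 3
FLOW = [Segment(i, ch, 2 if i == 2 else 60) for i, ch in enumerate("ATBTACK")]

if __name__ == "__main__":
    print(audit_flow(FLOW, HOPS, "ATTACK"))
```

Matching signatures against the normalized stream, and alerting whenever `views_diverge` is true, is the same idea as the minimum-TTL and traffic-normalization options found in network IDS products.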