Posted in Hacker News, Paper

Firewalls and Intrusion Detection Systems (IDS) are the foundation of security in any company or organizational network infrastructure. A simple firewall filters traffic on network-layer information such as IP addresses and TCP/UDP ports; an IDS goes considerably deeper, examining the actual payload of each packet that crosses the network.

To evaluate packets meaningfully, the IDS must understand, at a very low level, the kind of information carried within each specific protocol. An Intrusion Detection System (IDS), then, is an active process or device that analyzes system and network activity for unauthorized access and/or malicious activity.

Many products exist, operating at different levels. In 1998, Ptacek and Newsham demonstrated how an IDS could be evaded using techniques such as overlapping IP fragments carrying pieces of the shellcode, TCP sequence-number wrapping, and inserting bogus packets into the stream that carries an exploit payload. This was possible because the IDS of that time did not process or interpret packets in the same way as the end host on the network it was protecting.
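The two evasions above, as an added example that is not part of the original post or of the Ptacek/Newsham paper: a toy model in which an IDS and an end host reassemble the same packets differently. The packets, byte offsets, the "first"/"last" overlap-policy names and the toy checksum are all constructed for illustration and are not taken from any real IDS or operating system.

```python
# Added example (not from the original post): a toy model of two evasions
# described by Ptacek and Newsham (1998), overlapping fragments and packet
# insertion. All packets, offsets, the "first"/"last" policy names and the
# toy checksum are constructed for illustration, not taken from a real product.

ATTACK_SIGNATURE = b"/etc/passwd"   # constructed content signature


def reassemble(fragments, policy):
    """Rebuild a byte stream from (offset, data) fragments.

    policy "first": bytes already received win over later overlapping bytes.
    policy "last":  later fragments overwrite bytes already received.
    Offsets are plain byte offsets here; real IP fragments use 8-byte units.
    """
    if policy not in ("first", "last"):
        raise ValueError("unknown overlap policy: %r" % policy)
    end = max(off + len(data) for off, data in fragments)
    buf = bytearray(end)
    seen = bytearray(end)           # 1 where a byte has already been written
    for off, data in fragments:
        for i, byte in enumerate(data):
            pos = off + i
            if policy == "last" or not seen[pos]:
                buf[pos] = byte
                seen[pos] = 1
    return bytes(buf)


# Constructed overlapping fragments: the second one rewrites the URL path.
OVERLAPPING_FRAGMENTS = [
    (0, b"GET /index.html HTTP/1.0\r\n"),
    (4, b"/etc/passwd"),               # overlaps bytes 4..14 of the first fragment
]


def overlap_views():
    """What an IDS and an end host see when they disagree on overlap policy."""
    return {
        "ids":  reassemble(OVERLAPPING_FRAGMENTS, "first"),
        "host": reassemble(OVERLAPPING_FRAGMENTS, "last"),
    }


def toy_checksum(payload):
    """Stand-in for the TCP checksum: 16-bit sum of payload bytes (constructed)."""
    return sum(payload) & 0xFFFF


# Constructed TCP segments: (seq, payload, checksum carried in the header).
# The second segment carries a deliberately wrong checksum: a conforming host
# drops it, but an IDS that skips checksum validation accepts it and lets it
# claim sequence numbers 5..14 before the real data arrives.
SEGMENTS = [
    (0,  b"GET /",           toy_checksum(b"GET /")),
    (5,  b"index.html",      0xBEEF),                    # inserted packet, bad checksum
    (5,  b"etc/passwd",      toy_checksum(b"etc/passwd")),
    (15, b" HTTP/1.0\r\n",   toy_checksum(b" HTTP/1.0\r\n")),
]


def tcp_stream(segments, validate_checksum):
    """Reassemble a TCP stream, optionally discarding bad-checksum segments.

    Among accepted segments the first data seen for a sequence range wins on
    both sides; the views differ only in whether the bogus segment was
    accepted at all.
    """
    accepted = [
        (seq, data) for seq, data, cksum in segments
        if not validate_checksum or toy_checksum(data) == cksum
    ]
    return reassemble(accepted, "first")


def insertion_views():
    """Naive IDS (no checksum check) versus end host (checksum enforced)."""
    return {
        "ids":  tcp_stream(SEGMENTS, validate_checksum=False),
        "host": tcp_stream(SEGMENTS, validate_checksum=True),
    }


def alerts(view):
    """True if the content signature fires on a reassembled view."""
    return ATTACK_SIGNATURE in view


if __name__ == "__main__":
    for name, views in (("overlap", overlap_views()), ("insertion", insertion_views())):
        print(name, "IDS alerts:", alerts(views["ids"]),
              "host receives attack:", alerts(views["host"]))
```

In both cases the IDS reassembles a harmless request and stays silent while the host receives the request containing the signature. The remedy in current engines is target-based reassembly: Snort's frag3 and stream preprocessors and Suricata's host-os-policy setting let the operator declare which operating system's overlap policy applies to each destination subnet, so the sensor reassembles the way the protected host will; checksum validation on the sensor closes the insertion path shown here.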

Sources: exploitdb and Jesus Garcia