wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Firewall / IDS Evasion Techniques

profile
44_Vikash Yadav
Sep 15, 2023
0 Likes
0 Discussions
239 Reads

Introduction

An Intrusion Detection System is a set of tools or systems that monitors and analyzes the Network Traffic for any suspicious activities and issues alerts when any such activity is observed.

Similarly, a Firewall is a network security framework, that manages the outbound and inbound network traffic by permitting or blocking the packets based on the set of security rules.

Although the Firewalls and IDS can prevent the Malicious Packets from entering a network, an Attacker can send manipulated packets to the target such that it can evade the IDS / Firewall. There are several such evasion techniques.

 

Following are the Top few Techniques to evade the Firewall or an Intrusion Detection System:

 

 Packet Fragmentation

Generally, as the name itself tells — A Packet Fragmentation is the method, where an attacker splits the probe packets into several smaller fragments, before sending them to the target network. As soon as the packets reach the target system, the IDS or Firewall enqueue them and process each of them one by one. However, being too many packets because of the fragmentation requires greater CPU and network resource consumption. Let me tell you, that most of the Intrusion Detection Systems are configured to skip the fragmented packets during the scanning.

 

Source Routing

An IP datagram contains several fields which also include the source routing information and a list of IP addresses through which the packet will travel to reach its destination. If you don’t know this already, let me tell you when the packets travel through the different nodes in the network, each router examines the destination IP Address associated with it and chooses the next hop to direct the packet to its destination.

 

Spoofing the IP Address

Spoofing the IP Address is one of the hijacking techniques, where an attacker obtains a computer’s IP Address alters the packet headers, and then sends the request packets to the target machine, pretending it to be a legitimate host. The packets also appear to be coming from a legitimate source but actually are sent from the attacker’s machine.

 

Randomizing the order of Host

The attacker scans the number of hosts in the target network in a random order to scan the intended target that is secured behind the firewall. Our favorite tool NMAP provides us an option of randomizing hosts as well.

Comments ()

Sign in

Read Next

Indian Food

Blog banner

File management In Operating System

Blog banner

operating system

Blog banner

10 Interesting facts you should know!!!

Blog banner

Anomaly Detection in Behavioral Data Using Machine Learning

Blog banner

Service Transition Process in ITSM

Blog banner

Demystifying Cryptography: A Beginner's Guide

Blog banner

What does the Australian summer have in store for your oral health?

Blog banner

CYBER SECURITY CHALLENGES

Blog banner

Points to consider if you're planning to visit Florida in 2026

Blog banner

Is Your Password Complex Enough?

Blog banner

Consumer to consumer business mode

Blog banner

Different memory allocation strategies

Blog banner

virtual memory

Blog banner

Uniprocessor Scheduling

Blog banner

Why Travellers from Miami & Orlando Are Visiting Arcadia for Weekend Getaways?

Blog banner

MoSCoW METHOD IN DATA SCIENCE

Blog banner

Mumbai famous street food

Blog banner

Autonomy Vehicles: Future Ki Gadiya

Blog banner

What is Amazon?

Blog banner

Cyber Forensics on IOT Devices

Blog banner

To travel is to live

Blog banner

Emotional Suppression: The Hidden Costs Of Unfelt Feelings

Blog banner

Mumbai Metro 3

Blog banner

A book review

Blog banner

The Future of Patola Weaving in a Sustainable Fashion World

Blog banner

Worms, viruses and Bots

Blog banner

Why Data Privacy Is Changing Online Advertising

Blog banner

Types of Hackers

Blog banner

QUANTUM COMPUTING IN SECURITY:A GAME CHANGER IN DIGITAL WORLD

Blog banner

Os(Computer security threats)

Blog banner

MAJOR ACHIEVEMENTS OF OS

Blog banner

Deadlock and Starvation

Blog banner

Teenagers of Today

Blog banner

PROCESS STATES OF OPERATING SYSTEM

Blog banner

How Laughing Gas Makes Your Dental Visit So Much Easier

Blog banner

Memory Management

Blog banner

VIRUS

Blog banner

Embedded Operating System

Blog banner

Music is life

Blog banner

A Traveller’s Guide to Offbeat Places in Arcadia, Florida

Blog banner

Data Science in Healthcare: Predicting Diseases

Blog banner