Secure Software Lifecycle Professional – CSSLP – Question254
In which of the following IDS evasion attacks does an attacker send a data packet such that IDS accepts the data packet but the host computer rejects it? A. Evasion attack B. Fragmentation overlap attack C. Fragmentation overwrite attack D. Insertion attack
Correct Answer: D
Explanation:
Explanation: In an insertion attack, an IDS accepts a packet and assumes that the host computer will also accept it. But in reality, when a host system rejects the packet, the IDS accepts the attacking string that will exploit vulnerabilities in the IDS. Such attacks can badly infect IDS signatures and IDS signature analysis. Answer: B is incorrect. In this approach, an attacker sends packets in such a manner that one packet fragment overlaps data from a previous fragment. The information is organized in the packets in such a manner that when the victim’s computer reassembles the packets, an attack string is executed on the victim’s computer. Since the attacking string is in fragmented form, IDS is unable to detect it. Answer: C is incorrect. In this approach, an attacker sends packets in such a manner that one packet fragment overwrites data from a previous fragment. The information is organized into the packets in such a manner that when the victim’s computer reassembles the packets, an attack string is executed on the victim’s computer. Since the attacking string is in fragmented form, IDS becomes unable to detect it. Answer: A is incorrect. An evasion attack is one in which an IDS rejects a malicious packet but the host computer accepts it. Since an IDS has rejected it, it does not check the contents of the packet. Hence, using this technique, an attacker can exploit the host computer. In many cases, it is quite simple for an attacker to send such data packets that can easily perform evasion attacks on an IDSs.
Please disable your adblocker or whitelist this site!