RealTime IT News

Report Uncovers Flaws in Network Intrusion Detection

Secure Networks Inc. released a technical report detailing fundamental vulnerabilities in network intrusion detection software.

Network intrusion detection systems attempt to detect attacks against networks by watching network traffic.

The problems discovered allow crackers to slip past a network intrusion detection system (IDS), or, worse, to turn the system against the network it protects.

Secure Networks, a security research and development company, released the new findings to address recent increases in public attention to network intrusion detection, a relatively new security tool.

"Our work is intended to illustrate that network IDS is an immature technology," said Thomas Ptacek, co-author of the report. "These systems have not yet been adequately tested, and should not be relied on for security in mission-critical environments."

The report outlines two new types of attacks against intrusion detection systems, both of which take advantage of well-understood "packet spoofing" techniques (in which an attacker forges low-level network packets) to confuse intrusion detection systems. In addition, the report explains how an attacker can use simple denial-of-service attacks (such as "ping floods") to thwart intrusion detection.
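The two techniques described above share one root cause: the monitor and the protected host can come to hold different views of the same stream when the monitor accepts forged packets that the host's own TCP/IP stack would reject. The following Python sketch is an added example, not code from the article or from the Secure Networks report. It constructs a small TCP-like segment list (the segment layout, the `Segment` class, the signature string and the two monitor functions are all assumptions made for the illustration) and compares a naive monitor that trusts every segment with one that first applies the same checksum acceptance test the end host would apply.

```python
"""Added illustration: why a network IDS must judge packets the way the
protected end host does. The forged segment, the sample request and the
signature are constructed for this example and are not from the report."""
from dataclasses import dataclass
from typing import Callable, Dict, List


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, the algorithm TCP and IP headers use."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass(frozen=True)
class Segment:
    """Minimal stand-in for a TCP segment: sequence offset, data, checksum."""
    seq: int
    payload: bytes
    checksum: int


def make_segment(seq: int, payload: bytes, valid: bool = True) -> Segment:
    cs = inet_checksum(payload)
    if not valid:
        cs ^= 0xFFFF                         # deliberately corrupt the checksum
    return Segment(seq, payload, cs)


def endpoint_accepts(seg: Segment) -> bool:
    """The receiving TCP stack silently discards segments with a bad checksum."""
    return inet_checksum(seg.payload) == seg.checksum


def reassemble(segments: List[Segment], accept: Callable[[Segment], bool]) -> bytes:
    """First-seen-wins reassembly keyed by sequence offset (a simple stack policy)."""
    buf: Dict[int, bytes] = {}
    for s in segments:
        if accept(s) and s.seq not in buf:
            buf[s.seq] = s.payload
    return b"".join(buf[k] for k in sorted(buf))


def naive_monitor(segments: List[Segment], signature: bytes) -> bool:
    """Trusts every segment on the wire, so its view can diverge from the host's."""
    return signature in reassemble(segments, lambda _s: True)


def host_consistent_monitor(segments: List[Segment], signature: bytes) -> bool:
    """Applies the end host's acceptance test before matching signatures."""
    return signature in reassemble(segments, endpoint_accepts)


# Constructed sample: one legitimate request split into four segments, with a
# forged segment (bad checksum) carrying junk at offset 5 arriving first.
SIGNATURE = b"/cgi-bin/"
SAMPLE_STREAM = [
    make_segment(0, b"GET /"),
    make_segment(5, b"XXXX", valid=False),  # constructed forged segment
    make_segment(5, b"cgi-"),
    make_segment(9, b"bin/"),
    make_segment(13, b"x HTTP/1.0"),
]


def compare_views(segments: List[Segment], signature: bytes) -> Dict[str, bool]:
    """Returns whether each monitor raises an alert on the given stream."""
    return {
        "naive": naive_monitor(segments, signature),
        "host_consistent": host_consistent_monitor(segments, signature),
    }


if __name__ == "__main__":
    print("naive view:          ", reassemble(SAMPLE_STREAM, lambda _s: True))
    print("host-consistent view:", reassemble(SAMPLE_STREAM, endpoint_accepts))
    print(compare_views(SAMPLE_STREAM, SIGNATURE))
```

The naive monitor reassembles `GET /XXXXbin/x HTTP/1.0` and never sees the signature, while the host-consistent monitor reconstructs the request exactly as the server will and alerts. Checksum validation is only one of the acceptance decisions a real stack makes (TTL, fragment overlap and sequence-window handling are others), but the design principle is the same: the monitor must mirror the end host's rules for every such decision, or its view of the stream can be steered away from the host's.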

Four different commercial intrusion detection systems were evaluated in the report, which explains specifically how attacks against intrusion detection systems can occur, and what can be done to combat them.