Report Uncovers Flaws in Network Intrusion Detection
Secure Networks Inc. released a technical report detailing fundamental vulnerabilities in network intrusion detection software.
Network intrusion detection systems attempt to detect attacks against networks by watching network traffic.
The problems discovered allow crackers to slip past a network intrusion detection system (IDS), or, worse, to turn the system against the network it protects.
Secure Networks, a security research and development company, released the findings in response to the recent growth in public attention to network intrusion detection, a relatively new security tool.
The report outlines two new types of attacks against intrusion detection systems, both of which take advantage of well-understood "packet spoofing" techniques (in which an attacker forges low-level network packets) to confuse intrusion detection systems. In addition, the report explains how an attacker can use simple denial-of-service attacks (such as "ping floods") to thwart intrusion detection.
The report evaluates four different commercial intrusion detection systems, explains specifically how these attacks against intrusion detection systems can occur, and describes what can be done to combat them.