Secure Networks Inc. released a technical report detailing
fundamental vulnerabilities in network intrusion detection software.
Network intrusion detection systems attempt to detect attacks against
networks by passively watching network traffic.
The problems discovered allow attackers to slip past a network intrusion
detection system (IDS) undetected or, worse, to turn the system against the
network it protects.
Secure Networks, a security research and development company, released the
findings in response to the recent increase in public attention to network
intrusion detection, a relatively new security tool.
“Our work is intended to illustrate that network IDS is an immature
technology,” said Thomas Ptacek, co-author of the report. “These systems
have not yet been adequately tested, and should not be relied on for
security in mission-critical environments.”
The report outlines two new types of attacks against intrusion detection
systems, which it calls insertion and evasion. Both take advantage of
well-understood "packet spoofing" techniques (in which an attacker forges
low-level network packets) to confuse intrusion detection systems: in an
insertion attack the IDS accepts a forged packet that the destination host
will reject, so the IDS reconstructs a different data stream than the host
does; in an evasion attack the host accepts data that the IDS fails to see or
to interpret correctly. In either case a signature the IDS is looking for
never appears in the stream the IDS examines. In addition, the report
explains how an attacker can use simple denial-of-service attacks (such as
"ping floods") to thwart intrusion detection by overloading the sensor until
it drops packets and misses the attack sent alongside the flood.
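The following simulation, added here as an illustration and not code from the
report or from Secure Networks, shows the two attack classes against a toy
signature-matching IDS. The signature string, the segment layout and the
hop count are constructed for the example. The IDS reassembles every segment
it sees and keeps the first copy of any overlapping byte; the end host only
receives segments whose TTL outlasts the remaining hops. An insertion attack
plants junk bytes in a segment that dies before it reaches the host, so the
IDS and the host reconstruct different streams; an evasion attack splits the
signature across segments that a per-packet matcher never joins together.

```python
"""Simulated insertion and evasion attacks on a signature-matching network IDS.

Added example; the signature, segments and topology are constructed for
illustration and are not taken from the report this page describes.
"""
from dataclasses import dataclass

# Constructed example signature the IDS looks for in the reassembled stream.
SIGNATURE = b"GET /cgi-bin/phf"


@dataclass(frozen=True)
class Segment:
    seq: int     # TCP sequence number of the first payload byte
    data: bytes  # payload
    ttl: int     # IP TTL as observed at the IDS sensor


def reassemble(segments, policy="first"):
    """Rebuild a byte stream from segments.

    policy="first": the first copy of an overlapping byte wins (our toy IDS).
    policy="last":  the most recent copy wins.
    Holes are filled with NUL bytes to keep the example simple.
    """
    stream = {}
    for seg in segments:
        for i, byte in enumerate(seg.data):
            off = seg.seq + i
            if policy == "first" and off in stream:
                continue          # keep the copy seen first
            stream[off] = byte    # policy "last": newer data overwrites
    return bytes(stream.get(i, 0) for i in range(max(stream, default=-1) + 1))


def ids_view(segments):
    """What the IDS believes the stream contains: every packet it sniffed."""
    return reassemble(segments, policy="first")


def ids_alert(segments, reassemble_stream=True):
    """Alert decision of the IDS; a weaker sensor matches per packet only."""
    if reassemble_stream:
        return SIGNATURE in ids_view(segments)
    return any(SIGNATURE in seg.data for seg in segments)


def host_view(segments, hops_to_host):
    """What the destination host receives: segments whose TTL survives
    the remaining hops between the sensor and the host."""
    delivered = [s for s in segments if s.ttl > hops_to_host]
    return reassemble(delivered, policy="last")


def host_alert(segments, hops_to_host):
    """Ground truth: does the signature reach the host?"""
    return SIGNATURE in host_view(segments, hops_to_host)


def insertion_attack():
    """Forged segment with TTL 1 overlaps real data; the IDS accepts it,
    the host never receives it (constructed example)."""
    return [
        Segment(0, b"GET /cgi-", ttl=64),
        Segment(9, b"XXX", ttl=1),        # dies one hop past the sensor
        Segment(9, b"bin/phf", ttl=64),   # the bytes the host actually gets
    ]


def evasion_attack():
    """Signature split across two segments; a per-packet matcher sees
    neither half, the host reassembles the whole (constructed example)."""
    return [
        Segment(0, b"GET /cgi", ttl=64),
        Segment(8, b"-bin/phf", ttl=64),
    ]


if __name__ == "__main__":
    hops = 3  # constructed topology: host sits three hops past the IDS
    print("insertion: IDS sees", ids_view(insertion_attack()),
          "alert", ids_alert(insertion_attack()),
          "| host sees", host_view(insertion_attack(), hops),
          "attacked", host_alert(insertion_attack(), hops))
    print("evasion: per-packet IDS alert", ids_alert(evasion_attack(), False),
          "| host attacked", host_alert(evasion_attack(), hops))
```

A sensor that reassembles streams defeats the second case but not the first;
the first requires the IDS to model the host's TTL and overlap handling, which
is exactly the ambiguity the attacks exploit.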
Four commercial intrusion detection systems were evaluated in the report,
which explains specifically how attacks against intrusion detection systems
can occur, and what can be done to combat them.