Focus on IDS
Detection evasion technique by invalid UTF-8 sequences Mar 23 2009 02:44AM
bugtraq01 hash-c co jp (1 replies)
Re: Detection evasion technique by invalid UTF-8 sequences Mar 27 2009 01:11AM
Frank Knobbe (frank knobbe us)
On Mon, 2009-03-23 at 11:44 +0900, bugtraq01 (at) (dot) jp [email concealed] wrote:
> Detection by IDS/IPS/WAF(Web Application Firewall) is evaded by
> inserting invalid UTF-8 sequences on the way of SQL keywords(select,
> union, declare and so on).

I'm curious, which IDS/IPS/WAF products have you tested that were not
able to properly normalize the URL parameters?

Which products are affected? If the IDS/IPS/WAF products are able to
normalize the traffic properly, where is the problem?


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

Version: GnuPG v2.0.10 (FreeBSD)


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus