Focus on IDS
Back to list
Detection evasion technique by invalid UTF-8 sequences
Mar 23 2009 02:44AM
bugtraq01 hash-c co jp
Re: Detection evasion technique by invalid UTF-8 sequences
Mar 27 2009 01:11AM
Frank Knobbe (frank knobbe us)
On Mon, 2009-03-23 at 11:44 +0900, bugtraq01 (at) hash-c.co (dot) jp [email concealed] wrote:
> Detection by IDS/IPS/WAF(Web Application Firewall) is evaded by
> inserting invalid UTF-8 sequences on the way of SQL keywords(select,
> union, declare and so on).
I'm curious, which IDS/IPS/WAF products have you tested that were not
able to properly normalize the URL parameters?
Which products are affected? If the IDS/IPS/WAF products are able to
normalize the traffic properly, where is the problem?
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)
-----END PGP SIGNATURE-----
[ reply ]
Copyright 2010, SecurityFocus