Focus on IDS
Detection evasion technique by invalid UTF-8 sequences Mar 23 2009 02:44AM
bugtraq01 hash-c co jp (1 replies)
Re: Detection evasion technique by invalid UTF-8 sequences Mar 27 2009 01:11AM
Frank Knobbe (frank knobbe us)
On Mon, 2009-03-23 at 11:44 +0900, bugtraq01 (at) hash-c.co (dot) jp [email concealed] wrote:
[...]
> Detection by IDS/IPS/WAF(Web Application Firewall) is evaded by
> inserting invalid UTF-8 sequences on the way of SQL keywords(select,
> union, declare and so on).

I'm curious, which IDS/IPS/WAF products have you tested that were not
able to properly normalize the URL parameters?

Which products are affected? If the IDS/IPS/WAF products are able to
normalize the traffic properly, where is the problem?

-Frank

--
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (FreeBSD)

iD8DBQBJzCfdpIc56HlJ1YARAsxYAJ9T4mSDnEk8tPLvvu6zz5WQrTD+zACePaVn
TzzlyuvdzOwxEEO2pR3EJ4M=
=h43d
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus