In which of the following IDS evasion attacks does an attacker send a data packet such that the IDS
accepts the data packet but the host computer rejects it?
A. Evasion attack
B. Fragmentation overlap attack
C. Fragmentation overwrite attack
D. Insertion attack
Explanation:
In an insertion attack, an IDS accepts a packet and assumes that the host computer
will also accept it. But in reality, when a host system rejects the packet, the IDS accepts the
attacking string that will exploit vulnerabilities in the IDS. Such attacks can badly infect IDS

packets in such a manner that one packet fragment overlaps data from a previous fragment. The
information is organized in the packets in such a manner that when the victim’s computer
reassembles the packets, an attack string is executed on the victim’s computer. Since the

approach, an attacker sends packets in such a manner that one packet fragment overwrites data
from a previous fragment. The information is organized into the packets in such a manner that
when the victim’s computer reassembles the packets, an attack string is executed on the victim’s
computer. Since the attacking string is in fragmented form, IDS becomes unable to detect it.

host computer accepts it. Since an IDS has rejected it, it does not check the contents of the
packet. Hence, using this technique, an attacker can exploit the host computer. In many cases, it
is quite simple for an attacker to send data packets that can easily perform evasion attacks
on an IDS.