Which of the following strategies can be used to defeat detection by a network-based IDS application?

Exhibit (protocol decode of the captured frame):

ETHER: Destination address : 0000BA5EBA11
ETHER: Source address : 00A0C9B05EBD
ETHER: Frame Length : 1514 (0x05EA)
ETHER: Ethernet Type : 0x0800 (IP)
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 1500 (0x5DC)
IP: Identification = 7652 (0x1DE4)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = (0x0) bytes
IP: Time to Live = 127 (0x7F)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xC26D
IP: Source Address = 10.0.0.2
IP: Destination Address = 10.0.1.201
TCP: Source Port = Hypertext Transfer Protocol
TCP: Destination Port = 0x1A0B
TCP: Sequence Number = 97517760 (0x5D000C0)
TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 28793 (0x7079)
TCP: Checksum = 0x8F27
TCP: Urgent Pointer = 0 (0x0)

An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?

A. Create a SYN flood
B. Create a network tunnel
C. Create multiple false positives
D. Create a ping flood

Explanation:
Certain types of encryption present challenges to network-based intrusion detection and may leave the IDS blind to certain attacks, whereas a host-based IDS analyzes the data after it has been decrypted. That is the strategy in option B: carrying the traffic through an encrypted network tunnel (IPsec, SSH, a TLS-wrapped VPN) hides the payload from a signature-matching NIDS without touching the host the IDS runs on. The exhibit shows what the NIDS can read today: a plaintext HTTP segment (source port 80, destination port 0x1A0B = 6667) from 10.0.0.2 to 10.0.1.201, ACK set, Don't Fragment set, and 1460 bytes of payload (1500 total length minus 20-byte IP and TCP headers) exposed for pattern matching. Once the same packet is wrapped in an encrypted tunnel the sensor sees only the outer headers and opaque ciphertext. SYN and ping floods (A, D) are availability attacks that generate alerts rather than avoid them, and manufacturing false positives (C) buries the analyst in noise while the real traffic stays readable on the wire. One caveat for practitioners: the tunnel only blinds a sensor that lacks the keys; a NIDS fed by a decrypting proxy, or a HIDS on the endpoint after decryption, sees the same plaintext again.
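As an added example (not part of the original question or its explanation), the Python below rebuilds the exhibit's frame from the printed field values, decodes it, verifies that the printed IP checksum 0xC26D is correct for those headers, and then runs a toy signature check three times: on the plaintext HTTP frame, on the same frame carried inside an encrypted tunnel (where the sensor on the wire sees only ciphertext), and on the host side after the tunnel endpoint decrypts it. The 1460-byte payload, the signature, the pre-shared key, the outer tunnel ports and the SHA-256-based stream cipher are all constructed assumptions for illustration; they are not captured data and the cipher is not one to use in practice.

```python
"""Decode the exhibit's frame, check its IP checksum, and show why a signature
NIDS on the wire goes blind when the same packet travels inside an encrypted
tunnel while a HIDS on the endpoint still sees plaintext.  The frame is
constructed from the exhibit's field values; the payload, the tunnel cipher,
the key and the tunnel ports are illustrative assumptions, not captured data."""
import hashlib
import struct

# Constructed 1514-byte frame: the exhibit's Ethernet/IP/TCP headers plus a
# made-up 1460-byte HTTP response body that a typical content signature flags.
PAYLOAD = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
           b"root:x:0:0:root:/root:/bin/bash\n").ljust(1460, b"\x00")
ETH = bytes.fromhex("0000BA5EBA11" "00A0C9B05EBD" "0800")   # dst MAC, src MAC, type IP
IP_HDR = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0x00, 1500, 0x1DE4, 0x4000,   # ver/IHL, TOS, length, ID, DF set + offset 0
                     127, 6, 0xC26D,                     # TTL, protocol TCP, checksum as printed
                     bytes([10, 0, 0, 2]), bytes([10, 0, 1, 201]))
TCP_HDR = struct.pack("!HHIIBBHHH",
                      80, 0x1A0B, 0x5D000C0, 0x4AE7DF5,  # sport HTTP, dport 6667, seq, ack
                      5 << 4, 0x10, 0x7079, 0x8F27, 0)   # offset 5 words, ACK only, window, cksum, urg
FRAME = ETH + IP_HDR + TCP_HDR + PAYLOAD
KEY = b"constructed shared tunnel key"             # assumption: the toy tunnel's pre-shared key
SIGNATURES = {"etc-passwd-disclosure": b"root:x:0:0:"}  # constructed content signature


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 over a header whose checksum is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode(frame: bytes) -> dict:
    """Parse Ethernet II + IPv4 + TCP headers into the fields the exhibit prints."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    vihl, _tos, tlen, ident, fl_off, ttl, proto, cksum, sip, dip = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4
    tcp = ip[ihl:tlen]
    sport, dport, seq, ack, off, flags, win, _tck, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    return {
        "eth_dst": dst.hex().upper(), "eth_src": src.hex().upper(),
        "ip_total_length": tlen, "ip_id": ident, "ip_ttl": ttl, "ip_proto": proto,
        "ip_df": bool(fl_off & 0x4000), "ip_mf": bool(fl_off & 0x2000),
        "ip_frag_offset": (fl_off & 0x1FFF) * 8,
        "ip_checksum": cksum,
        "ip_checksum_computed": inet_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl]),
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "ip_src": ".".join(map(str, sip)), "ip_dst": ".".join(map(str, dip)),
        "tcp_sport": sport, "tcp_dport": dport, "tcp_seq": seq, "tcp_ack": ack,
        "tcp_flags": {n for n, bit in zip("FSRPAU", range(6)) if flags & (1 << bit)},
        "tcp_window": win,
        "payload": tcp[(off >> 4) * 4:],
    }


def nids_alerts(frame: bytes) -> list:
    """A signature NIDS on the wire: pattern-match the TCP payload of one frame."""
    payload = decode(frame)["payload"]
    return [name for name, pat in SIGNATURES.items() if pat in payload]


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256.  Illustrative only: it
    makes the payload opaque to the sensor; it is not a cipher to use anywhere."""
    blocks = (hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
              for ctr in range(len(data) // 32 + 1))
    stream = b"".join(blocks)[:len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))


def tunnel(frame: bytes, key: bytes) -> bytes:
    """What a VPN/SSH-style tunnel does: encrypt the whole original IP packet and
    carry it as the payload of a new TCP session (port 443 here, an assumption).
    A real tunnel lowers the MSS so the outer packet fits the MTU; ignored here."""
    ciphertext = xor_stream(frame[14:], key)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(ciphertext), 1, 0x4000,
                               64, 6, 0, bytes([10, 0, 0, 2]), bytes([10, 0, 1, 201])))
    ip[10:12] = struct.pack("!H", inet_checksum(bytes(ip)))
    tcp = struct.pack("!HHIIBBHHH", 51000, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # TCP cksum left 0
    return ETH + bytes(ip) + tcp + ciphertext


def untunnel(frame: bytes, key: bytes) -> bytes:
    """The tunnel endpoint on the host: strip the outer headers and decrypt.
    This is the plaintext a host-based IDS gets to inspect."""
    return ETH + xor_stream(decode(frame)["payload"], key)


if __name__ == "__main__":
    for k, v in decode(FRAME).items():
        if k != "payload":
            print(f"{k:22} {v}")
    tunnelled = tunnel(FRAME, KEY)
    print("NIDS on plaintext HTTP :", nids_alerts(FRAME))
    print("NIDS on tunnelled frame:", nids_alerts(tunnelled))
    print("HIDS after decryption  :", nids_alerts(untunnel(tunnelled, KEY)))
```

The checksum check is the useful sanity test on the exhibit itself: summing the ten header words with the checksum field zeroed gives 0x3D92, whose one's complement is 0xC26D, so the printed headers are internally consistent. The sensor in `nids_alerts` is deliberately a bare substring match; a real NIDS reassembles streams and normalizes HTTP first, but none of that helps once the bytes it receives are ciphertext.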


