This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagram is not reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the network. What is this technique called?
A.
IP Routing or Packet Dropping
B.
IDS Spoofing or Session Assembly
C.
IP Fragmentation or Session Splicing
D.
IP Splicing or Packet Reassembly
Explanation:
The above evasion methods attempt to match a string within a packet without concern for session or how an attack may be delivered partially through multiple packets. Whisker has another network-level evasion method called session splicing. Session splicing divides the string across several packets as follows:
Packet number Content
1 G
2 E
3 T
4 20
5 /
6 HBy delivering the data a few bytes at a time the string match is evaded.
Note : The Content is GET20/H
C