This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and
the IDS will not spot the true nature of the fully assembled datagram. The datagram is not
reassembled until it reaches its final destination. It would be a processor-intensive task for IDS to
reassemble all fragments itself, and on a busy system the packet will slip through the IDS onto the
network. What is this technique called?
A.
IP Routing or Packet Dropping
B.
IDS Spoofing or Session Assembly
C.
IP Fragmentation or Session Splicing
D.
IP Splicing or Packet Reassembly
C
Session Splicing. No idea about “IP Fragmentation” however, the same thing?
D is the Ans.
IP Fragmentation/Fragmentation Attack Requires an attacker to use advanced
knowledge of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite to
break packets into fragments that can bypass most intrusion-detection systems. In
extreme cases, this type of attack can cause hangs, lockups, reboots, blue screens, and
other mischief.
Session Splicing
The type of evasion technique known as session splicing is an IDS evasion technique that
exploits the fact that some types of IDSs don’t reassemble or rebuild sessions before
analyzing traffic. In addition, it is possible to fool some systems by fragmenting packets
or tampering with the transmission of packets in such a way that the IDS cannot analyze
them and instead forwards them to the target host.
C