interesting paper on testing sig-based IDS

http://www.cs.ucsb.edu/~vigna/pub/2004_vigna_robertson_balzarotti_CCS04.
pdf

It seems very similar (at least at first glance) what what's been
implemented by
RFP in Whisker (the anti-IDS techniques) or in Metasploit (IDS confusion
techniques).

Have any/many of you seen this before? It seems like it's something we
would have
seen cross this list but I don't remember it doing so.

t

Toby Kohlenberg, CISSP, GCIH, GCIA
Senior Information Security Analyst
Applied Security Technology Team
Intel Corporate Information Security
503-712-8588  Office & Voicemail
877-497-1696  Pager
"Just because you're paranoid, doesn't mean they're not after you."

PGP Fingerprint:
92E2 E2FC BB8B 98CD 88FA  01A1 6E09 B5BA 9E84 9E70



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------