IDS and Firewall Evasion Techniques

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey, everyone, welcome back to the course and this video. We're just gonna go over kind of a 10,000 ft view of ideas and firewall evasion techniques. If you recall earlier in this course, I showed you some ways we can do that via and map. I I showed you some commands to try to bypass ideas or firewall, so we're just gonna talk kind of a high level
00:19
of different techniques that can be used.
00:22
So for our ideas of Asian techniques,
00:24
we can use the package fragmentation. And that's one of things I showed you earlier in the course with N maps or just using that dash lower case F flag that allows us to fragment our packets. And the goal with that is to try and get those packets to reassemble after the idea system. So after it's scanned the packets and said, Oh, these look okay,
00:41
then we reassemble and do whatever they're fairies thing we wanted to do
00:45
also doing things like i p address spoofing. So let's say that on the ideas they've set for specific I P addresses to not be able to get through that, it automatically would drop them so we just poof r I P address. And now it looks like it's a legitimate traffic coming through,
01:00
also using things like source routing as well as proxy servers or even using like I talked about before. In the course,
01:08
Attackers typically don't just like, launched their laptop and start attacking you right. They use infrastructures that they've already compromised and use those to launch the attack. So it looks like it's coming from that infrastructure and not the actual attacker themselves
01:23
and using encryption. So some ideas systems out there can read the packets if they're encrypted. So if we just encrypt the packets coming through, for example, if we attack through Port 443 or https, we can encrypt our traffic. And potentially
01:40
it'll go right by the ideas because it looks like normal traffic coming through that particular report,
01:45
and we can also attempt to flood the idea system with so much traffic that it can actually identify are malicious packets because there's so much traffic coming through at one time,
01:56
and then for a firewall evasion techniques, we can use things like ssh tunneling. So basically, that encrypted tunnel of the Attackers using so they can hopefully avoid detection by any type of security controls you have in place again using things like encryption. So fire with fire wall itself doesn't look at the packet. Doesn't look, analyze and see. We've got malicious data in there.
02:15
We could even things like fragmentation as well. Most modern firewalls, though, will be able to detect the malicious traffic
02:21
even if you fragmented. However, encryption still be made something that you can use. Thio bypass the firewall.
02:28
So just a quick, quick question here for you. The attacker changing their I P address for the attack is known as What
02:32
is the fragmentation? Is it
02:35
spoofing? Is it needs
02:38
or is it source routing?
02:39
Pretty easy question here. So the answer is spoofing, right? So we're spoofing the I P address to make it look like the attacks actually coming from somebody else or some other entity.
02:49
So in this video, we just talked about some different ideas, evasion techniques as well. Some different techniques to evade firewalls
Up Next