No Score


Stonesoft Corporation reported a number of techniques for evading the IPS/IDS detection. This publication should not be confused with Stonesoft "Advanced Evasion Techniques" advisory (CVE-2010-0102) discussed in sk59468. Check Point has verified that all versions of the Check Point IPS blade properly block and report on these evasion techniques. Read the "Solution" section for details. Stonesoft evasion techniques use a combination of TCP segmentation and MS-RPC fragmentation as well as manipulation of TCP window size and congestion control. For details refer to CERT-FI advisory (FICORA #487536).


Source: Mitre, NVD

Published: 2011-06-14