nerdexam
Cisco

210-255 · Question #82

Which of the following has been used to evade IDS and IPS devices?

The correct answer is D. Fragmentation. Packet fragmentation is a classic technique attackers use to evade IDS/IPS by splitting malicious payloads across multiple IP fragments so that no single fragment triggers a signature match.

Network Intrusion Analysis

Question

Which of the following has been used to evade IDS and IPS devices?

Options

  • ASNMP
  • BHTTP
  • CTNP
  • DFragmentation

How the community answered

(43 responses)
  • A
    2% (1)
  • C
    2% (1)
  • D
    95% (41)

Why each option

Packet fragmentation is a classic technique attackers use to evade IDS/IPS by splitting malicious payloads across multiple IP fragments so that no single fragment triggers a signature match.

ASNMP

SNMP is a network management protocol used for device monitoring and configuration, not an IDS/IPS evasion technique.

BHTTP

HTTP is an application-layer protocol for web communication and is not itself an evasion technique, though certain HTTP-based obfuscation methods can be used - HTTP alone is not the answer.

CTNP

TNP is not a recognized network protocol or IDS/IPS evasion technique relevant to this context.

DFragmentationCorrect

IP fragmentation splits a packet into smaller fragments that are individually inspected by an IDS or IPS. Because the malicious payload is divided across fragments, signature-based detection engines that only inspect individual fragments - rather than performing full reassembly - may fail to detect the attack. This technique has been well-documented as an evasion method since early research on network-based IDS limitations.

Concept tested: IP fragmentation as IDS/IPS evasion technique

Source: https://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/idm/idmg70/dmevover.html

Topics

#IDS evasion#IPS evasion#fragmentation#packet manipulation

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice