210-255 · Question #82
Which of the following has been used to evade IDS and IPS devices?
The correct answer is D. Fragmentation. Packet fragmentation is a classic technique attackers use to evade IDS/IPS by splitting malicious payloads across multiple IP fragments so that no single fragment triggers a signature match.
Question
Which of the following has been used to evade IDS and IPS devices?
Options
- ASNMP
- BHTTP
- CTNP
- DFragmentation
How the community answered
(43 responses)- A2% (1)
- C2% (1)
- D95% (41)
Why each option
Packet fragmentation is a classic technique attackers use to evade IDS/IPS by splitting malicious payloads across multiple IP fragments so that no single fragment triggers a signature match.
SNMP is a network management protocol used for device monitoring and configuration, not an IDS/IPS evasion technique.
HTTP is an application-layer protocol for web communication and is not itself an evasion technique, though certain HTTP-based obfuscation methods can be used - HTTP alone is not the answer.
TNP is not a recognized network protocol or IDS/IPS evasion technique relevant to this context.
IP fragmentation splits a packet into smaller fragments that are individually inspected by an IDS or IPS. Because the malicious payload is divided across fragments, signature-based detection engines that only inspect individual fragments - rather than performing full reassembly - may fail to detect the attack. This technique has been well-documented as an evasion method since early research on network-based IDS limitations.
Concept tested: IP fragmentation as IDS/IPS evasion technique
Source: https://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/idm/idmg70/dmevover.html
Topics
Community Discussion
No community discussion yet for this question.