nerdexam
EC-Council

312-50V10 · Question #451

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatu

The correct answer is A. Whisker. One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets with small payloads. Th

Evading IDS, Firewalls, and Honeypots

Question

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

Options

  • AWhisker
  • Btcpsplice
  • CBurp
  • DHydra

How the community answered

(51 responses)
  • A
    94% (48)
  • B
    4% (2)
  • D
    2% (1)

Explanation

One basic technique is to split the attack payload into multiple small packets, so that the IDS must reassemble the packet stream to detect the attack. A simple way of splitting packets is by fragmenting them, but an adversary can also simply craft packets with small payloads. The 'whisker' evasion tool calls crafting packets with small payloads 'session splicing'. https://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques#Fragmentation_an

Topics

#session splicing#IDS evasion#packet fragmentation#Whisker

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice