nerdexam
EC-Council

312-50V11 · Question #779

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signat

The correct answer is D. Whisker. Whisker is a CGI scanner that pioneered IDS evasion techniques including session splicing, which fragments HTTP requests into small packets to prevent signature-based IDS detection.

Evading IDS, Firewalls, and Honeypots

Question

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to detect the attack signatures. Which tool can be used to perform session splicing attacks?

Options

  • Atcpsplice
  • BBurp
  • CHydra
  • DWhisker

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    6% (2)
  • D
    88% (30)

Why each option

Whisker is a CGI scanner that pioneered IDS evasion techniques including session splicing, which fragments HTTP requests into small packets to prevent signature-based IDS detection.

Atcpsplice

tcpsplice is not a recognized security tool associated with session splicing IDS evasion; no widely documented tool by that name performs this function.

BBurp

Burp Suite is a web application security proxy used for intercepting, modifying, and replaying HTTP requests, and does not implement TCP-level session splicing for IDS evasion.

CHydra

Hydra is an online password brute-force tool that attacks authentication services, and has no capability related to TCP session fragmentation or IDS evasion.

DWhiskerCorrect

Whisker, developed by Rain Forest Puppy, was one of the first tools to implement session splicing as a built-in IDS evasion method alongside other techniques such as URL encoding and parameter pollution. It fragments attack payloads across multiple small TCP segments so that an IDS examining individual packets cannot reassemble and match the complete attack signature. This made Whisker a landmark tool in demonstrating practical IDS evasion at the session layer.

Concept tested: Session splicing IDS evasion technique and tools

Topics

#session splicing#IDS evasion#Whisker#packet fragmentation

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice