EC-Council
312-50V9 · Question #608
312-50V9 Question #608: Real Exam Question with Answer & Explanation
The correct answer is B: Create rules in IDS to alert on strange Unicode requests. Obfuscated URL attacks use hex or Unicode encoding to bypass input filters - creating IDS rules to detect anomalous encoding patterns is the recommended detection control.
Question
Take a look at the following attack on a Web Server using an obfuscated URL: How would you protect from these attacks?
Exhibit
Options
- A. Configure the Web Server to deny requests involving "hex encoded" characters
- B. Create rules in IDS to alert on strange Unicode requests
- C. Use SSL authentication on Web Servers
- D. Enable Active Scripts Detection at the firewall and routers
Explanation
Obfuscated URL attacks use hex or Unicode encoding to bypass input filters - creating IDS rules to detect anomalous encoding patterns is the recommended detection control.
Common mistakes.
- A. Blocking all hex-encoded characters at the web server would break normal web functionality, since percent-encoding (e.g., %20 for space) is a standard and required part of the URI specification per RFC 3986.
- C. SSL/TLS secures data in transit through encryption but performs no inspection of request content, so it provides no protection against URL obfuscation attacks.
- D. Active Scripts Detection targets script injection vectors such as JavaScript or VBScript - it does not inspect or filter URL encoding patterns used in obfuscation attacks.
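The detection logic such an IDS rule would encode, as an added example (not part of the original question or of any IDS product): it leaves ordinary RFC 3986 percent-encoding such as %20 alone and alerts only on anomalous forms. The function names, alert labels and sample request targets are constructed for illustration.

```python
import re
import string
from urllib.parse import unquote_to_bytes

# RFC 3986 section 2.3: these characters never need percent-encoding.
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
PCT = re.compile(r"%([0-9A-Fa-f]{2})")
PCT_U = re.compile(r"%u[0-9A-Fa-f]{4}")  # non-standard %uXXXX form
DOUBLE = re.compile(r"%25(?:[0-9A-Fa-f]{2}|u[0-9A-Fa-f]{4})")  # %25 is '%'
# UTF-8 byte patterns that encode a code point in more bytes than required.
OVERLONG = re.compile(
    rb"[\xc0\xc1][\x80-\xbf]|\xe0[\x80-\x9f][\x80-\xbf]|\xf0[\x80-\x8f][\x80-\xbf]{2}"
)

def encoding_alerts(target):
    """Return alert labels for one request target; an empty list means no alert."""
    alerts = []
    if PCT_U.search(target):
        alerts.append("non-standard %u escape")
    if DOUBLE.search(target):
        alerts.append("double percent-encoding")
    if any(chr(int(h, 16)) in UNRESERVED for h in PCT.findall(target)):
        alerts.append("percent-encoded unreserved character")
    raw = unquote_to_bytes(target)  # decode one layer of %XX escapes
    if OVERLONG.search(raw):
        alerts.append("overlong UTF-8 sequence")
    else:
        try:
            raw.decode("utf-8")  # strict decoding rejects malformed sequences
        except UnicodeDecodeError:
            alerts.append("invalid UTF-8 after decoding")
    return alerts

# Constructed sample request targets (not taken from the exhibit).
SAMPLES = [
    "/search?q=hello%20world",  # ordinary encoded space
    "/caf%C3%A9/menu",          # well-formed UTF-8 for a non-ASCII letter
    "/docs/%c0%af/index.html",
    "/docs/%u002findex.html",
    "/docs/%252e%252e/",
    "/%61dmin",
    "/x%ff",
]

def scan(targets=SAMPLES):
    """Map each target that raised at least one alert to its alert labels."""
    return {t: a for t in targets if (a := encoding_alerts(t))}
```

Alerts of the "percent-encoded unreserved character" kind can come from benign but sloppy clients, so they suit alerting and correlation rather than outright blocking.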
Concept tested. IDS detection of Unicode/hex URL obfuscation attacks
Reference. https://owasp.org/www-community/attacks/Unicode_Encoding
