Defeating Network Intrusion Detection.

Presented at Black Hat USA 1998, July 29, 1998, 11:40 a.m. (90 minutes).

Network intrusion detection (ID), a technology that attempts to identify attackers by monitoring network traffic, is fast becoming one of the hottest products in the security market. Beneath the hype, however, lie some serious concerns about the reliability of currently available ID systems, as well as the fundamental techniques they use to collect information. This talk will explain why the most popular ID systems on the market can't be trusted, demonstrate how to avoid detection by them, and, in the process, eliminate some very widespread misunderstandings about the capabilities of sniffers and intrusion detection systems.


  • Thomas Ptacek - Network Security Professional at Network Associates, Inc. (Formerly SNI)
    Thomas Ptacek is a developer at Secure Networks, Inc. His work focuses on vulnerability assessment, which involves researching and testing network systems for exploitable design and implementation flaws. In the course of this work, his team has discovered some of the Internet's most serious security problems, including vulnerabilities in Windows NT, Checkpoint Firewall-1, and Solaris, as well as core Internet software such as BIND, INN, and Apache.
