Finux's Historical Tour Of IDS Evasion, Insertions, and Other Oddities

Presented at DeepSec 2013 „Secrets, Failures, and Visions“, Unknown date/time (Unknown duration)

Roll up, Roll up, my Lords, Ladies and Gentleman, come see the bizarre and wondrous marvels that the Cirque de Vendeurs Sécurité has to offer. Tales of miracle machines that can see into the future and tell their masters of all the dangers they face. Devices so wise that they can see the very threats of tyrants and evil doers before they've even been thought of. Contraptions that possess a mystical sixth sense that can see every footstep and action a would be assailant takes before any deadly blow is delivered. These miracle machines that give defenders a suit of armour that mean the wearer needs no warrior skills in defending their castles. Come see for yourself, and purchase one of the miracle wondrous machines! Although the above sounds ludicrous and out of place, it isn't that far fetched from a lot of the literature produced by Network Intrusion Prevention/Detection System vendors. This talk looks at the very long and fruitful history the world of network detection systems has to offer (you'll be surprised they're nearly 4 decades old). With a overview of just some of the failings these systems have had over the years, and how these failures shaped their development. At places this talk will be cynical and it won't win any friends from vendors, but attendees will be given enough background information to understand why detection systems like IDS/IPS can work, but why they're set to fail all at the same time. Poor testing and the general acceptance by nearly everyone within the security industry that these systems can't deliver is only the beginning of their history of fail. I intend to discuss why certain evasion techniques worked, and why they will continue to work until we understand the inherent problems. Consider this talk a historical journey with one eye fixed on the future.

Presenters:

• Arron Finnon / Finux - Alba13 Research Labs   as Arron Finux Finnon
  Twitter: http://twitter.com/f1nux Speaker: http://www.finux.co.uk Alba13 Labs: http://www.alba13.com Arron "finux" Finnon has been involved in security research for a over 7 years. Arron has discussed a wide range of security related topics at a number of Security/Hacking conferences in both the UK and internationally, as well as producing over 100 security related podcasts. Interviewing countless security professionals as part of the Finux Tech Weekly podcast show. During Arron's time at The University of Abertay Dundee he was also awarded the SICSA Student Open Source Award for his Advocacy of Free and Open Source software for his work whilst president of The UAD Linux Society. Arron now spends his time between consulting as well as research for Alba13 Research Labs, a company which he founded.

Links:

• https://deepsec.net/archive/2013.deepsec.net/speaker.html#PSLOT132

Similar Presentations:

• Texas Cyber Summit 2019 / BT-1050 Shining a Light on Shadow IT in the Cloud
• 31C3 (2014) / The Invisible Committee Returns with "Fuck Off Google": Cybernetics, Anti-Terrorism, and the ongoing case against the Tarnac 10
• 30C3 (2013) / No Neutral Ground in a Burning World