In the “A Novel Way of Abusing IPv6 Extension Headers to Evade IPv6 Security Devices” blogpost I described a way to evade a high-end commercial IDPS device, the TippingPoint IDPS (TOS TippingPoint Package 3.6.1.4036 and Digital Vaccine 3.2.0.8530), by abusing a minor detail in the IPv6 specification. As I promised at the end of that blogpost, this is not the end. In this blogpost I am going to describe several new and different ways of evading another popular IDPS, an open-source one this time: Suricata.
Specifically, while checking the detection capabilities of Suricata version 2.0.1 (with Emerging Threats ETOpen Ruleset, 03 June, 2014), we found out that it can be evaded when
More here: http://www.insinuator.net/2014/08/evading-idps-by-combining-ipv6-extension-headers-and-fragmentation-features-the-story-of-my-life/