CEH

(Jeff_L) #1

388 Chapter 16 ■ Evading IDSs, Firewalls, and Honeypots



  1. Perform a DoS.

  2. Use code obfuscation.

  3. Perform a false positive generation technique.

  4. Attempt a Unicode attack.

  5. Perform a fragmentation attack.

It is important for you to remember that not every attack will work when testing a
firewall or IDS, but you should still log the results and make note of the way the devices
respond. When testing is completed, compare and analyze the results to see if you can
determine any patterns or behavior that may indicate the nature of the environment or
vulnerabilities present.


Summary


In this chapter we looked at firewalls, IDSs, and honeypots both as mechanisms used to
defend a network and as something an attacker must evade. You saw that although many
attacks are effective at getting information, they can be thwarted by any of the systems
we have covered. In fact, today’s networks and environments employ a range of defensive
and detective measures designed to deal with such attacks.

Today’s corporations use many defensive measures, each with its own way of putting a
stop to attacks. Systems such as intrusion detection systems, intrusion prevention systems,
firewalls, honeypots, and others form very potent adversaries and obstacles to your
activities. Although these devices are formidable, they are not insurmountable, so you must
first learn how they work and then see what you can do to overcome the obstacles or just
get around them altogether.

Exam Essentials


Understand the different types of firewalls. Know that not all firewalls are the same and
that each operates a little differently. For example, packet filtering firewalls work at the
network level and are commonly found embedded in routers, whereas stateful firewalls are
devices unto themselves.

Know the differences between HIDSs and NIDSs. Understand that an HIDS and an
NIDS are not the same and do not monitor the same type of activity. An NIDS monitors
traffic on a network, but diminishes in effectiveness where a host is concerned. An HIDS
has diminishing capability outside of a specific host.

Understand the role of a honeypot. A honeypot is a tool used to attract an attacker for
the purpose of research, acting as a decoy, or to gain intelligence as to what types of attacks
you may be facing and how well your defenses are working.