Evading Deep Inspection for Fun and Shell

Explore a 45-minute conference talk from Black Hat USA 2013 that delves into the vulnerabilities of deep packet inspection systems. Learn how researchers Olli-Pekka Niemi and Antti Levomaki uncovered weaknesses in TCP/IP reassembly capabilities of various security devices, including Next Generation Firewalls, IPS, IDS, and BDS. Discover how these vulnerabilities can be exploited to bypass security measures and evade detection. Gain insights into the limitations of current anomaly detection strategies, such as blocking small TCP segments, and understand why these approaches may lead to false positives in real-world traffic scenarios. Examine the researchers' findings on evasion techniques that allow successful attacks without triggering security box logs, even with all signatures set to block.

Black Hat USA 2013 - Evading deep inspection for fun and shell