
Understanding advanced evasion techniques, preventing AET attacks

Expert Brad Casey explains advanced evasion techniques and details how to protect enterprise networks against the likelihood of an AET attack.

What is the best way to harden an enterprise network against advanced evasion techniques (AETs)? I see vendors coming out with software that uses this same idea to prod a network's perimeter for holes. Furthermore, what's the best way to track down the source of AETs?


AETs were dreamed up in a vendor laboratory, so I'm not convinced that AET attacks are a prevalent problem at this point. In a nutshell, an AET attack involves manipulating packets at various layers of the Open Systems Interconnection model with the end goal of confusing network intrusion detection and prevention systems (IDS/IPS). So if the packet is manipulated at the IP layer, most IDS/IPS products are adept at catching such an event, but if the packet is manipulated simultaneously at the IP and session layers, most IDS/IPS systems don't know how to process this.

Yes, there is software and hardware on the market right now that will help to prevent the infamous AET attack, but the vendors who are peddling these products are some of the same ones that invented the concept in the first place. I'm not saying that AET attacks won't at some point be prevalent in the wild, but in comparison with the dreaded DDoS attack, AET attacks aren't even in the same ballpark. If your organization insists on deploying a defense against AET attacks, then I suggest considering vendors such as Stonesoft that have a focus on AET mitigation for your software and hardware needs.

As far as tracking down the source of AET attacks, you could use some of the same techniques that are used in other attacks: Examine the network routing information, take note of which autonomous system the packets are coming from, and try obtaining the cooperation of your ISP.
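The answer above describes the core of an AET as layering evasions at several protocol layers at once, so that a detector which handles any one layer correctly still misses the signature. The following is an added illustration, not code from the original article or from Brad Casey, and uses two evasions chosen here for the sake of a runnable demo: tiny, out-of-order TCP segments (transport layer) combined with percent-encoding of the HTTP request path (application layer). The request, the segment sizes, the signature string and the toy detector are all constructed for this example. It shows that a per-packet matcher, a reassembling-but-not-normalizing matcher, and a normalizing-but-per-packet matcher each fail, and only the detector that does both finds the attack.

```python
"""Toy multi-layer evasion (the AET idea) versus three detector designs.

Constructed example: a single TCP flow carrying one HTTP request. IP
addresses and ports are ignored; only sequence numbers and payload bytes
matter for the point being made.
"""
import random
import re
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes

# Constructed "malicious" request and the naive signature that should catch it.
REQUEST = b"GET /etc/passwd HTTP/1.1\r\nHost: victim.example\r\n\r\n"
SIGNATURE = re.compile(rb"GET /etc/passwd")


@dataclass(frozen=True)
class Segment:
    seq: int     # TCP sequence number of the first payload byte
    data: bytes  # payload carried by this segment


def percent_obfuscate(request: bytes, every: int = 3) -> bytes:
    """Application-layer evasion: percent-encode every Nth byte of the path
    (never the slashes), so the literal signature string never appears on
    the wire even though the server decodes it to the same path."""
    method, rest = request.split(b" ", 1)
    path, tail = rest.split(b" ", 1)
    out = bytearray()
    for i, byte in enumerate(path):
        if byte != 0x2F and i % every == 0:
            out += b"%%%02X" % byte
        else:
            out.append(byte)
    return method + b" " + bytes(out) + b" " + tail


def segment_stream(payload: bytes, seq0: int, mss: int) -> list[Segment]:
    """Transport-layer evasion: split the payload into segments of `mss`
    bytes, so no single packet contains the whole signature."""
    return [Segment(seq0 + i, payload[i:i + mss])
            for i in range(0, len(payload), mss)]


def build_attack(request: bytes, seq0: int = 1000, mss: int = 3,
                 obfuscate: bool = True, seed: int = 7) -> list[Segment]:
    """Combine both evasions and deliver the segments out of order
    (deterministic shuffle so the demo is reproducible)."""
    payload = percent_obfuscate(request) if obfuscate else request
    segs = segment_stream(payload, seq0, mss)
    random.Random(seed).shuffle(segs)
    return segs


def reassemble(segs: list[Segment]) -> bytes:
    """Order segments by sequence number and rebuild the byte stream.
    Gaps and overlaps are rejected rather than guessed at: a real detector
    must resolve them the same way the target host does, or it can be
    desynchronised from the host (another classic evasion)."""
    ordered = sorted(segs, key=lambda s: s.seq)
    buf = bytearray()
    expect = ordered[0].seq
    for seg in ordered:
        if seg.seq != expect:
            raise ValueError(f"gap or overlap at seq {seg.seq}, expected {expect}")
        buf += seg.data
        expect += len(seg.data)
    return bytes(buf)


def detect(segs: list[Segment], reassemble_stream: bool, normalize: bool) -> bool:
    """Run the signature over the traffic with the chosen detector design.

    reassemble_stream=False inspects each packet on its own (defeated by
    segmentation); normalize=False skips percent-decoding (defeated by the
    encoding). Only True/True sees what the server sees."""
    views = [reassemble(segs)] if reassemble_stream else [s.data for s in segs]
    if normalize:
        views = [unquote_to_bytes(v) for v in views]
    return any(SIGNATURE.search(v) for v in views)


if __name__ == "__main__":
    attack = build_attack(REQUEST)
    for reasm, norm in [(False, False), (True, False), (False, True), (True, True)]:
        print(f"reassemble={reasm!s:5} normalize={norm!s:5} -> "
              f"{'ALERT' if detect(attack, reasm, norm) else 'missed'}")
```

The single-evasion case is instructive too: `build_attack(REQUEST, obfuscate=False)` is caught by stream reassembly alone, which is exactly why the answer stresses the "simultaneous" part. Each layer's trick is well understood on its own; the difficulty for an IDS/IPS is doing every normalisation step, in the order and with the ambiguity resolution of the real endpoint, before the signature is applied.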

This was last published in August 2013

