Stonesoft discovers 124 new advanced evasion techniques

Security firm Stonesoft has announced the discovery of 124 new advanced evasion techniques (AETs) since they were first reported in October 2010.

Samples of these AETs have been delivered to Finland's Computer Emergency Response Team (CERT-FI), which will continue to lead the global vulnerability coordination effort.

Many vendors claimed to have "fixed" the product vulnerabilities disclosed in CERT-FI's initial advisories on the 23 AETs discovered last year, but real-life testing confirms that AETs are still able to penetrate many of these systems without detection, according to Stonesoft.

In other cases, the company said, simple microscopic changes to an AET, such as changing byte size and segmentation offset, allow them to bypass the product's detection capabilities.

This demonstrates that most vendors are providing only temporary and inflexible fixes to the growing AET concern, rather than researching and solving the fundamental architecture issues that give rise to these vulnerabilities, Stonesoft said.

"It seems that those who claim to have 100% protection against advanced evasion techniques do not really understand the magnitude of the problem nor have they done enough research around the issue. The discoveries made so far are only the tip of the iceberg," said Joona Airamo, chief information security officer at Stonesoft.

Traditional and advanced evasion techniques have become of increasing concern to the network security community. In its Network IPS Group Test Q4 2010, independent NSS Labs described IP fragmentation and TCP segmentation evasions as a grave threat, stating "if an attacker can avoid detection by fragmenting packets or segmenting TCP streams, an Intrusion Prevention System will be completely blind to all attacks."
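To make the NSS Labs point concrete from the detection side, the following is an added illustration, not code from the article, Stonesoft or NSS Labs. It models a toy IPS that looks for a single content signature in a TCP stream and contrasts two inspection strategies: matching each segment on its own, which fails as soon as the signature straddles a segment boundary, and matching after the segments have been reassembled by sequence number, which is what a stream-aware sensor must do. The signature, the segments, their sizes and their out-of-order delivery are all constructed for this example, and the overlap policy (keep the bytes already accepted) is an assumption rather than a description of any product.

```python
# Added example (not from the article): why per-segment inspection is blind
# to a signature that TCP segmentation splits across packets, and why
# reassembling the stream before matching closes that gap. All data here is
# constructed for illustration.

from typing import List, Tuple

# Constructed content signature a hypothetical IPS looks for in a stream.
SIGNATURE = b"GET /cgi-bin/evil"

# Constructed segments as (relative sequence number, payload). Sizes and
# offsets are deliberately irregular and the segments arrive out of order,
# mirroring the "byte size and segmentation offset" changes the article
# describes. No single segment contains the whole signature.
SEGMENTS: List[Tuple[int, bytes]] = [
    (7, b"i-bin/ev"),
    (0, b"GET /"),
    (15, b"il HTTP/1.1\r\n"),
    (5, b"cg"),
]


def match_per_segment(segments: List[Tuple[int, bytes]], signature: bytes) -> bool:
    """Naive inspection: test each segment payload independently."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments: List[Tuple[int, bytes]]) -> bytes:
    """Rebuild the byte stream from (seq, payload) segments.

    Segments are ordered by sequence number. Overlapping bytes keep the data
    already accepted (an assumed policy; a real sensor must mirror the
    policy of the host it protects). A gap stops reassembly so the detector
    never matches across bytes it has not actually seen.
    """
    stream = bytearray()
    expected = 0
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq > expected:
            break  # missing bytes: do not guess what was in the hole
        if seq < expected:
            payload = payload[expected - seq:]  # drop bytes already present
        stream += payload
        expected += len(payload)
    return bytes(stream)


def match_reassembled(segments: List[Tuple[int, bytes]], signature: bytes) -> bool:
    """Stream-aware inspection: reassemble first, then match."""
    return signature in reassemble(segments)


if __name__ == "__main__":
    print("per-segment match :", match_per_segment(SEGMENTS, SIGNATURE))   # False
    print("reassembled match :", match_reassembled(SEGMENTS, SIGNATURE))   # True
    print("reassembled stream:", reassemble(SEGMENTS))
```

The per-segment matcher returns False even though the full request is plainly on the wire, which is exactly the blindness NSS Labs describes; the reassembled matcher returns True regardless of how the sender carved up the bytes. The deliberate stop at a sequence gap is the caveat a practitioner should keep in mind: a sensor that silently skips missing data, or that resolves overlaps differently from the endpoint, reintroduces the evasion at the reassembly layer.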

"Missing an evasion means a hacker can use an entire class of exploits to circumvent a security product, rendering it virtually useless," said Rick Moy, president, NSS Labs.

"Combining certain evasions further increases the likelihood of success for attackers, and elevates the risk to enterprises," he said.

Bob Walder, research director at Gartner, said although evasion techniques are not new, they still present a credible threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide.

"Recent research has, thankfully, forced this issue once again into the spotlight, and network security vendors need to devote the research and resources to finding a solution," he said.
