Exam CISSP topic 1 question 479 discussion

An example of evading intrusion detection system (IDS) signature detection is packet fragmentation (Option A). Packet fragmentation is a technique used by attackers to split a large data packet into smaller pieces before sending them to the target system. This can allow the attacker to bypass signature-based IDS detection, as the signature may be distributed across multiple packets or may not be recognizable in the smaller fragments. The attacker can then reassemble the fragmented packets on the target system and execute the attack without triggering the IDS signature.

Agree with A. This technique involves breaking down a malicious payload into smaller packets that are transmitted separately. IDS systems that inspect packet contents often do so by reassembling the packets before analyzing them. If the fragmentation is done in such a way that the IDS either fails to reassemble the packets correctly or overlooks the malicious content, the attack can evade detection. This is a common method for evading IDS signature-based detection, as it can obscure the malicious payload from the system.

A. Packet fragmentation Packet fragmentation is a technique used to evade intrusion detection system (IDS) signature detection. In this method, an attacker splits an attack payload into smaller packets, taking advantage of the fact that many IDS systems may only inspect the initial fragment of a packet. By doing so, the attacker can try to avoid detection by spreading the attack payload across multiple packets, making it more difficult for the IDS to detect the malicious content. This technique is often used to bypass signature-based detection mechanisms.