Bypass IDS
breakingpointsystems.com say : "three way handshake is a lie!"
Link:
http://www.breakingpointsystems.com/community/blog/tcp-portals-the-three...
This is a good and simple method to bypass the IDS
Snort answer quikly : add "require_3whs" to stream5 preprocessor
vulnerable :
preprocessor stream5_tcp: policy first, use_static_footprint_sizes
not vulnerable :
preprocessor stream5_tcp: policy first, use_static_footprint_sizes, require_3whs
Stay Tuned!