In association with heise online

15 May 2007, 14:15

Unicode encoding can be used to bypass intrusion detection systems


It seems possible to evade detection by intrusion detection or intrusion prevention systems (IDS/IPS) by using a special Unicode encoding. If a nefarious individual uses full-width/half-width Unicode encoding when transferring, for example, HTTP traffic, some intrusion detection and intrusion prevention systems are blind to malicious code embedded therein.

The vulnerability was discovered by Turkish researchers at GamaSEC some three weeks ago. US-CERT and Cisco have now issued their own security advisories on this vulnerability. US-CERT is maintaining a longer list of IDS/IPS vendors, of which to date only Apple and HP have been classified as not vulnerable. Cisco has reported that its intrusion prevention system and IOS with firewall/IPS functions are vulnerable. However, the vendor has not yet released software updates or a temporary workaround.

Numerous IDS/IPS vendors are likely to release software updates shortly, once they have tested their systems and discovered any vulnerability present. Administrators of affected systems should download these as soon as possible in order to avoid unnecessary risks to network security.
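The mismatch described above can be shown from the inspection side. The following is an added example, not code from any vendor or advisory: it compares a matcher that only URL-decodes with one that also folds full-width/half-width forms via NFKC normalisation before matching. The signature list, function names and sample request targets are constructed for illustration, and it assumes the full-width characters arrive as percent-encoded UTF-8.

```python
import re
import unicodedata
from urllib.parse import unquote

# Constructed signatures for illustration; a real IDS/IPS has its own rule set.
SIGNATURES = [re.compile(r"/etc/passwd"), re.compile(r"<script", re.I)]

# Unicode "Halfwidth and Fullwidth Forms" block, U+FF00..U+FFEF.
WIDTH_FORMS = re.compile(r"[\uff00-\uffef]")

# Constructed sample request targets (not captured traffic).
SAMPLES = [
    "/download?file=/etc/passwd",                   # plain ASCII
    "/download?file=%EF%BC%8Fetc%EF%BC%8Fpasswd",   # "/" sent as U+FF0F
    "/index.html",                                  # benign
]


def fold_width(text: str) -> str:
    """Map full-width/half-width forms to their ordinary characters."""
    # NFKC applies the <wide>/<narrow> compatibility mappings,
    # e.g. U+FF0F FULLWIDTH SOLIDUS becomes "/".
    return unicodedata.normalize("NFKC", text)


def inspect(raw_target: str) -> dict:
    """Report what a naive matcher and a normalising matcher each see."""
    decoded = unquote(raw_target, encoding="utf-8", errors="replace")
    folded = fold_width(decoded)
    return {
        # Matches on the decoded text only: misses width-form variants.
        "naive_hit": any(s.search(decoded) for s in SIGNATURES),
        # Matches after folding: sees the same text a folding backend would.
        "normalised_hit": any(s.search(folded) for s in SIGNATURES),
        # Presence of width forms is worth logging as a signal of its own.
        "width_forms_present": bool(WIDTH_FORMS.search(decoded)),
    }


if __name__ == "__main__":
    for target in SAMPLES:
        print(target, inspect(target))
```

A request where `normalised_hit` is true and `naive_hit` is false is exactly the case the advisories describe: the content is only visible to the sensor once it normalises the encoding.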
