Firewalls Defenceless Against “AET” Probing?

According to Finnish security vendor Stonesoft, “Advanced Evasion Techniques” (AET), is an obscure class of packet-based probing at the lowest level of the TCP/IP stack that firewalls are designed to stop.  The trouble is, 31 obscure AETs nobody has paid much attention to until recently, seem to have a protection level close to ZERO.

AETs are used to probe for vulnerable servers and other systems in an automated fashion, evading detection by security systems.  In Stonesoft’s analysis, the range of AETs being employed against networks is far greater than previously believed, and they are being combined in complex, multiprotocol probes that firewalls can’t see.

If accurate, this sounds significant.  It could mean that every firewall in the world is unable to detect probes used to enumerate servers vulnerable to application-layer exploits, like those that fuelled recent incidents such as Stuxnet and the Aurora attacks on Google.

TechWorld

Advertisements