Informative Information for the Uninformed
Next: Heuristic based filtering
Up: Post-Exploitation on Windows using
Previous: Worm Propagation
  Contents
Methods of Prevention
Now that a payload has been defined that is capable of bypassing
standard outbound filters, the next step is to identify potential
solutions that could assist in preventing such techniques.
Though efforts can be made elsewhere to prevent exploitation in the
first place, it is still prudent to analyze approaches that could be
taken to prevent a payload like the one described in this document
from being used in a real-world scenario. The primary concern when
implementing a prevention mechanism, however, is that it must not
also prevent normal user traffic from working as expected, and it
should be robust enough to catch future mutations of the same
technique. A failure on either of these points is an indication that
the prevention method is not entirely viable or sound. With that in
mind, two potential methods of prevention will be described in this
chapter, though neither of them should be seen as a complete method
of prevention. The key point, again, is that as long as it is
possible for a user to communicate with the internet, it will also be
possible for an attacker to simulate traffic that looks as if it is
coming from a user.