HeraldMage (50053) writes "Seems NetworkWorld and some other sites are discussing a new type of evasion technique by researchers at Stonesoft, a Finnish network security company. Some are skeptical (http://www.techeye.net/security/sophos-pours-water-on-stonesofts-new-ids-attacks). Others not so (http://www.cert.fi/en/reports/2010/vulnerability385726.html). And I guess some are middle of the road (https://www.icsalabs.com/blogs/icsa-labs’-role-stonesoft-discovered-advanced-evasion-techniques). What will be interesting is if vendors will take this seriously and finally fix the ability to turn an IPS into Swiss-cheese, even based on evasions that were published five or more years ago."
Link to Original Source