x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF

Technical Support

Need help?

 

Is Panda GateDefender Integra designed to protect against attacks that try to evade the device?

Information applies to:

Products
Panda GateDefender Integra 100
Panda GateDefender Integra 300

To protect against attacks that try to evade security systems, the Panda GateDefender Integra IPS incorporates mechanisms that allow it to identify this type of activity and block it.

These mechanisms are implemented in the data pre-processing modules. One of the data pre-processing modules most widely used is data standardization.

When an attacker tries to evade an IPS, its main aim is to pass the malicious packets through the device, so that they reach the target without the IPS system detecting them as intrusion attempts. The methods used by these types of attacks are the following:

  • Packet fragmentation. The attacker takes advantage of the different implementations of TCP/IP stack in different operating systems to fragment packets.

    If a packet is too big, it can be divided into multiple fragments. This type of operation is known as fragmentation. Systems save the fragments they receive, wait until they have received all of the fragments and then reassemble them. Taking advantage of the different restore times of the fragmented packets, in some cases, an IPS system could withdraw the packet fragments when the target system is completing them. By doing this, an intruder could drop the attack in the IPS without it being identified.
  • TTL-based methods (packet time-to-live). In order to carry out this type of attack, the intruder needs prior knowledge of the target subnet topology.
  • Methods that exploit weak ‘string matching’ (widely-used in an IPS).
  • Other methods that use standards and rules that are not so strict or explicit. To do this, intruders take advantage of different interpretations and/or implementations in different environments.

The Panda GateDefender Integra IPS is based on snort free code implemented in the pre-processors. These provide functionality to use the same parameters for packet defragging, TTL, etc. as the parameters configured in the recipients of the packets inspected, regardless of whether it is a single host a subnet. The technology used by snort is a mature technology, thanks to the contributions of developers and collaborators who take part in this project.

Help nº- 20070702 31466 EN

Have you resolved your query with this article?

yes no

Thanks for your answer


Why didn't you find it helpful?


The instructions are too complex.
The instructions are too long.
The instructions don't work.
I'd rather have a video.
Other reasons.




Talk to a technician!

 

Business hours: Mondays-Fridays 9:00 to 18:00 CET

Outside business hours, please use the online form.





ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT
ALWAYS ONLINE TO HELP YOU TWITTER FORUM RATE US CHAT