Recently more and more attention has been paid to the intrusion detection systems (IDS) which don't rely on signature based detection approach. Such solutions try to increase their defense level by using heuristics detection methods like network-level emulation. This technique allows the intrusion detection systems to stop unknown threats, which normally couldn't be stopped by standard signature detection techniques.
In this article author will describe general concepts of network-level emulation technique including its advantages and disadvantages (weak sides) together with providing potential countermeasures against this type of detection method.
Paper can be found at:
Besides the new article:
Number of Kon-boot downloads exceeded 100.000 copies (still increasing) just from my website and this includes only downloads of the version published on 16.04.2009 - so barely two months ago. This really exceeded my expectations. A lot of people nuked me with huge number of e-mail messages demanding features, help and additional things. I am afraid i am unable to answer all of them. Not to mention e-mails like "how to burn this to CD" or "this iso image is empty" are simply ignored by default. Additionally i was forced to ban all the mass-downloaders, spam-bots and other nasty things from my website. If you were accidentally banned as well feel free to let me know. Occasionally i would like to send some kudos to Rafal Lesniak, who still hosts me :-)
P.S I'm currently moving to another city, so sorry for the answering delays.