Out of band data can be used for IDS evasion (TCP_Urgent_Data)

About this signature or vulnerability

RealSecure Network, RealSecure Server Sensor:

This signature detects out of band data being sent across your network.


Default risk level

Low

Sensors that have this signature

RealSecure Network: SR 1.1, RealSecure Server Sensor: 5.5.2

Systems affected

Various vendors: Any application

Type

Suspicious Activity

Vulnerability description

Out of band (OOB) data is used by a few rare network programs to send urgent message data at a higher priority than regular data. An attacker could misuse OOB data to evade intrusion detection systems or to carry out some Windows denial of service attacks.

How to remove this vulnerability

Examine the connection's destination port and determine if use of OOB data is normal for that service. If that service does not normally use OOB data, an attack may be in progress. Inspect the target system for signs of compromise.
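One way to automate the triage step above, as an added example that is not part of the original advisory or of the RealSecure product: it parses a raw TCP header, checks the URG flag, and compares the destination port against an allowlist of services where urgent data is expected. The allowlist contents (FTP control 21, Telnet 23, rlogin 513), the function names and the sample segments are assumptions constructed for illustration.

```python
import struct

# Assumption: services where urgent (OOB) data is normal at your site.
# Telnet, FTP control and rlogin use TCP urgent data by design; adjust locally.
OOB_EXPECTED_PORTS = {21, 23, 513}

URG = 0x20  # URG bit in the TCP flags byte


def parse_tcp_header(segment: bytes) -> dict:
    """Parse the fixed 20-byte TCP header of a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_res, flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIBBHHH", segment[:20]
    )
    header_len = (off_res >> 4) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {"sport": sport, "dport": dport, "flags": flags,
            "urg_ptr": urg_ptr, "payload": segment[header_len:]}


def classify_segment(segment: bytes) -> str:
    """Return 'no-oob', 'expected-oob' or 'suspicious-oob' for one segment."""
    hdr = parse_tcp_header(segment)
    if not hdr["flags"] & URG:
        return "no-oob"  # the urgent pointer only matters when URG is set
    if hdr["dport"] in OOB_EXPECTED_PORTS:
        return "expected-oob"
    return "suspicious-oob"  # OOB data sent to a service that does not use it


def build_segment(sport, dport, flags, urg_ptr, payload=b""):
    """Construct a sample segment (no options, checksum left at zero)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4,
                       flags, 8192, 0, urg_ptr) + payload


if __name__ == "__main__":
    # Constructed sample segments, not captured traffic.
    samples = [
        build_segment(40000, 23, 0x38, 1, b"\xff\xf2"),   # URG|PSH|ACK to Telnet
        build_segment(40001, 8080, 0x38, 1, b"GET /"),    # URG|PSH|ACK to a web port
        build_segment(40002, 8080, 0x18, 0, b"GET /"),    # PSH|ACK, no urgent data
    ]
    for seg in samples:
        print(parse_tcp_header(seg)["dport"], classify_segment(seg))
```

A segment classified as `suspicious-oob` is the case the advisory describes: review that connection and inspect the target system for signs of compromise.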

References

ISS X-Force
Out of band data can be used for IDS evasion
http://www.iss.net/security_center/static/5378.php