Describe these evasion methods

Implementing Cisco Cybersecurity Operations (210-255)

• Encryption and Tunneling: Attackers use encryption and tunneling to obfuscate their attacks. VPN technologies like IPSec can be used to keep IPS/IDS from seeing the command and control traffic or even the attack traffic.
• Resource Exhaustion: A denial of service attack against security appliances like IPS can cause them to fail open thus removing their protection.
• Traffic fragmentation: By sending small fragments instead of the entire normal packet, attackers may be able to avoid detection by IPS systems because they may not see the attack as a whole to match a signature.
• Protocol-level misinterpretation: Using how protocols are supposed to work, attackers can manipulate their traffic to look different to IPS to avoid detection or to look like duplicate traffic.
• Traffic substitution and insertion: Using different encodings (ASCII vs Unicode) or hex instead of decimal are examples of substitution to avoid detection.
• Pivot: Pivoting from one host to another to another to keep an attack going can allow an attacker to get further access because a system may have access to more of the network than the previous host.