
HTTP Evader – Automate Firewall Evasion Tests - chatmasta
http://noxxi.de/research/http-evader.html
======
peterwwillis
A lot of what's seen as a "failure" to detect malware is a malware detection
policy that isn't strict enough. The strictest policies make it hard to browse
the web at all, and the deeper and wider you inspect, the more load on your
firewall and less traffic you can handle.

And of course, there will always be clients with non-standard behavior that a
more standards-compliant device won't catch, and some cases that are just
missed by the product. But firewalls should not be seen as a replacement for
client-side network or application security.

This tool is pretty neat, though, and has a lot of uses as a hacking tool.

------
thesmileyone
My software firewall/AV did it's job with the Eicar test file!

