GEN:SID 1:1104
Message WEB-MISC whisker space splice attack
Summary This event is generated when an attempt is made to evade an IDS in a possible
web attack by sending an obfuscated request in small increments.
Impact Unknown.
Detailed Information Under normal circumstances, a web request fits inside a single packet. However,
it is possible to obfuscate a web attack by sending the attack one character
at a time.  This may evade some IDS systems. Tools such as Whisker can
be configured to do this.
Affected Systems All Web Servers
Attack Scenarios An attacker can use an automated tool, like Whisker, to launch an attack
against a web server.
Ease of Attack Simple. Exploits and tools are widely available.
Corrective Action Check the host for signs of compromise.
Additional References  
Rule References url: www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
arachnids: 296