Protection tips - IDS intrusion signature database creation: a worked analysis
  Add date: 09/25/2008   Publishing date: 09/25/2008   Hits: 2
For an IDS to catch intrusion behaviour effectively it must have a strong intrusion signature database, much as a police department must have a complete criminal records database. The signature database that ships with an IDS, however, is usually rather rigid: when an attack "changes its face", the IDS often fails to recognise it. Administrators therefore need to learn how to build signature models that meet their actual needs, so that they can respond to every variation. This article introduces the concept of an intrusion signature, the kinds of signatures that exist, and how to create them, in the hope of helping readers quickly master the means of dealing with such disguised attacks.

  I. Basic concept of a signature

  In an IDS, a signature is the template data used to classify the kind of traffic being observed. Signatures come in many varieties; the following are some typical cases together with the method used to recognise each:

  A connection attempt from a reserved IP address: easily recognised by inspecting the source address in the IP header.

  A packet carrying an illegal combination of TCP flags: recognised by comparing the flag set in the TCP header against the known legal and illegal flag combinations.

  An email carrying a particular virus: recognised by comparing each message's subject line against the subject lines of known malicious messages, or by searching for a particular file name.

  A buffer-overflow attempt in the payload of a DNS query: recognised by parsing the DNS fields and checking the length of each field, which exposes overflow attempts that abuse a DNS field. Another recognition method is to search the payload for the byte sequences that make up exploit shellcode.

  A DoS attack caused by sending the same command to a POP3 server over a thousand times: recognised by tracking how many times a given command is issued consecutively, checking whether the count has exceeded a preset upper limit, and raising an alert when it has.

  A file-access attack on an FTP server that uses file and directory commands without logging in: recognised by building a signature template with connection-state tracking that monitors whether the FTP session has logged in successfully, and so detects intrusion attempts that issue commands without having been authenticated.

  As this classification shows, signatures cover a very wide range: from simple header field values, through highly complex connection-state tracking, to extended protocol analysis. Following that thread, this article starts from the simple signatures and discusses in detail what they do and how to develop and customise them.
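As an added illustration (not code from the original article), the following Python sketch implements four of the signature types listed above: a reserved-source-address check and an illegal TCP flag combination check as simple header-field signatures, and a per-session command repeat counter (the POP3 case) and an FTP login tracker (the unauthenticated file command case) as stateful ones. The reserved ranges, flag bits, FTP command set, login reply code and the sample FTP dialogue are all constructed for this example.

```python
import ipaddress

# Constructed values for illustration; a real ruleset would carry the full list.
RESERVED_NETS = [ipaddress.ip_network(n) for n in
                 ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16")]
FIN, SYN, RST = 0x01, 0x02, 0x04          # TCP flag bits used below
FTP_FILE_CMDS = {"LIST", "NLST", "RETR", "STOR", "CWD", "DELE"}


def reserved_source(src_ip):
    """Simple header-field signature: source address lies in a reserved range."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in RESERVED_NETS)


def illegal_tcp_flags(flags):
    """Header-field signature: flag combinations no legitimate stack sends
    (no flags at all, or SYN together with FIN or RST)."""
    return flags == 0 or bool(flags & SYN and flags & (FIN | RST))


class RepeatCounter:
    """Stateful signature: the same command repeated more than `limit` times
    on one session (the POP3 DoS case)."""
    def __init__(self, limit):
        self.limit, self.counts = limit, {}

    def observe(self, session, command):
        key = (session, command.upper())
        self.counts[key] = self.counts.get(key, 0) + 1
        return self.counts[key] > self.limit       # True means alert


class FtpLoginTracker:
    """Stateful signature: file/directory commands sent before the server has
    accepted a login (reply code 230 marks a successful login)."""
    def __init__(self):
        self.authenticated = set()

    def observe(self, session, direction, line):
        if direction == "server":
            if line.startswith("230"):
                self.authenticated.add(session)
            return False
        cmd = line.split(" ", 1)[0].upper()
        return cmd in FTP_FILE_CMDS and session not in self.authenticated


def scan_ftp(dialogue, session="s1"):
    """Run the FTP tracker over a captured dialogue; return the offending commands."""
    tracker = FtpLoginTracker()
    return [line for direction, line in dialogue
            if tracker.observe(session, direction, line)]


# Constructed sample: one LIST before login (alert), one after (allowed).
SAMPLE_FTP = [("client", "LIST"), ("client", "USER anonymous"),
              ("client", "PASS guest@"), ("server", "230 Login successful."),
              ("client", "LIST")]
```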

  Note also that the signature capabilities of different IDS products vary. For example, some network IDS systems allow only very limited customisation of the existing signature data or writing of new signatures, while others allow signatures to be customised or written across a very wide range, even arbitrary signatures; some IDS systems can only inspect specific header or payload values, while others can pull data from any position in any packet.
