入侵检测规则基础知识（basic knowledge of intrusion detection rules）

《入侵检测规则基础知识（basic knowledge of intrusion detection rules）》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、入侵检测规则基础知识（Basicknowledgeofintrusiondetectionrules）BasicknowledgeofintrusiondetectionrulesNetworkintrusiondetectionsystemrulereferstoapatternthatweneedtofindinnetworkcommunication.InorderforyoutobedifferentfromeachotherTherulesofthetypehaveabasicconcept,solet'slookats

2、omeexamplesandmethodsthatcanbeusedtoidentify.AconnectionrequestsentfromafixedIP.ThiscanbeeasilyidentifiedbytheoriginaladdressareaintheIPheaderfile.AcollectionwithanillegalTCPtagpackage.ThiscanbedonethroughknownlegalandillegalcollectionoftagsandTCPheaderfilesThemarkers

3、compareanddrawconclusions.ContainsthespecialvirusE-mail.IDScanbeassociatedwithaknownvirusmessagebythenameofthemailorthenameoftheattachmentThetitleofguaniscomparedandconcluded.TheDNSbufferoverflowattemptisincludedinthequeuepayload.YoucananalyzetheDNSdomainandcheckthele

4、ngthofeachqueueDegrees,sothatIDScantellifthereisabufferoverflowattemptintheDNSdomain.Oranotherway,Tofindoutifthereisanoverflowprograminthepayloadqueue.AdenialofserviceattackonaPOP3serverisimplementedbycommittingthousandsofidenticalcommands.ThewaytodealwiththisattackIt

5、isthenumberoftimesthatthecommandiscommitted,andthealarmwillbeissuedoncemorethanthenumberoftimesitisset.FileaccessattacksonFTPserversbysubmittingfilesordirectoriestotrytoskipthepreviousloginprocess.YoucanopenSendatrackingsystemtomonitorthesuccessfullandingofFTPcommunic

6、ationsifyoufindsomeonetryingtoadvancethroughthesystemIncoming,thealarmwillbeissued.Asyoucanseefromabove,thescopeoftheruleisverybroad,fromthesimplestcheckheadertohighlycomplex,forexampleTruetrackingofconnectionstatusorextensiveprotocolanalysis.Inthisarticle,we'lllookat

7、somesimplerules,andthenDiscusstheircomplexityindevelopment.NotethattheabilityoftherulechangesindifferentIDS,sothisarticleThetechniquesdescribedmaynotbeapplicableinthefirewallyouuse.Forexample,somenetworkIDSproductsareprovidedtocustomersTheabilitytowriterulesorconfigur

8、eexistingrulesisweak,andthereareproductsthatalmostallowyoutocustomizealltheexistingrulesAnddefinealltherulesthatyoucanthinko