Notes

Outline

Chapter 14 Intrusion Detection

Hacker Capabilities

Types of Attackers

TCP SYN Flood DoS Attack

Trinoo Network Attack

Tribal Flood Network (TFN) Attack

Buffer Overflow Attack

Slide 8

Detecting Intrusions Statistical anomaly-based IDS Uses thresholds for various types of activities Pattern matching or signature-based IDS Uses a set of rules to detect an attack Content-based and context-based signatures Cisco host-based and network-based IDS detect attacks based on signatures and anomalies

Types of Signatures

Case Study: Kevin Metnick’s Attack on Tsutomu Simomura’s Computers