Notes
Outline
Chapter 14
Intrusion Detection
Hacker Capabilities
Types of Attackers
TCP SYN Flood DoS Attack
Trinoo Network Attack
Tribal Flood Network (TFN) Attack
Buffer Overflow Attack
Detecting Intrusions
Statistical anomaly-based IDS
Builds a baseline of normal activity and alerts when an activity level (connections, logins, traffic volume, etc.) crosses a threshold derived from that baseline
Pattern matching or signature-based IDS
Uses a set of rules (signatures) describing known attacks; an event that matches a rule raises an alert
Content-based signatures match a pattern inside a single packet (e.g. a string in the payload); context-based signatures match a pattern across a sequence of packets or a connection (e.g. many half-open TCP connections from one source)
Cisco host-based and network-based IDS detect attacks using both signatures and anomalies
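The three detection styles above, written out as a toy detector run over constructed packet records. This is an added example, not code from the chapter or from any Cisco product; the packet records, the two content signatures (a NOP-sled run and a shell string, in the spirit of the buffer-overflow slide), the half-open SYN threshold (in the spirit of the SYN-flood slide) and the connections-per-minute baseline are all made up for illustration.

```python
"""Toy IDS showing content-based signatures, context-based signatures and a
statistical anomaly threshold. Added example; all data below is constructed."""
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed packet records: (src, dst, tcp_flags, payload_bytes)
PACKETS = [
    ("10.0.0.5", "192.0.2.10", "S", b""),
    ("10.0.0.5", "192.0.2.10", "A", b""),            # 10.0.0.5 completes its handshake
    ("10.0.0.5", "192.0.2.10", "PA", b"GET / HTTP/1.0\r\n"),
    ("198.51.100.7", "192.0.2.10", "S", b""),
    ("198.51.100.7", "192.0.2.10", "S", b""),
    ("198.51.100.7", "192.0.2.10", "S", b""),
    ("198.51.100.7", "192.0.2.10", "S", b""),
    ("198.51.100.7", "192.0.2.10", "S", b""),
    ("198.51.100.7", "192.0.2.10", "S", b""),         # six SYNs, never an ACK
    ("203.0.113.9", "192.0.2.10", "PA", b"\x90" * 12 + b"/bin/sh\x00"),  # overflow-style payload
]

# Content-based signatures: each one is evaluated against a single packet's payload.
CONTENT_SIGNATURES = {
    "nop-sled": re.compile(rb"\x90{8,}"),      # constructed: run of x86 NOPs
    "shell-string": re.compile(rb"/bin/sh"),   # constructed: shellcode string
}


def match_content(packets):
    """Return [(src, signature_name)] for every payload a content signature hits."""
    hits = []
    for src, _dst, _flags, payload in packets:
        for name, pattern in CONTENT_SIGNATURES.items():
            if pattern.search(payload):
                hits.append((src, name))
    return hits


# Context-based signature: a rule over a sequence of packets rather than one packet.
# Here: SYNs from a source that is never seen completing a handshake (half-open connections).
SYN_THRESHOLD = 5  # constructed threshold


def detect_syn_flood(packets, threshold=SYN_THRESHOLD):
    """Return {src: half_open_syn_count} for sources above the threshold with no ACK seen."""
    syns = defaultdict(int)
    acked = set()
    for src, _dst, flags, _payload in packets:
        if flags == "S":
            syns[src] += 1
        elif "A" in flags:
            acked.add(src)
    return {src: n for src, n in syns.items() if src not in acked and n > threshold}


# Statistical anomaly detection: the threshold is learned from a baseline, not written as a rule.
def anomaly_threshold(baseline, k=3.0):
    """Upper bound = mean + k * standard deviation of the learned baseline."""
    return mean(baseline) + k * pstdev(baseline)


def detect_anomalies(baseline, observations, k=3.0):
    """Return indexes of observations that exceed the baseline-derived threshold."""
    limit = anomaly_threshold(baseline, k)
    return [i for i, v in enumerate(observations) if v > limit]


# Constructed baseline: connections per minute during normal operation, then a test window.
BASELINE_CONN_PER_MIN = [40, 42, 38, 45, 41, 39, 43, 40]
OBSERVED_CONN_PER_MIN = [41, 44, 120, 39]  # third minute is far above the baseline

if __name__ == "__main__":
    print("content signature hits:", match_content(PACKETS))
    print("context signature (SYN flood):", detect_syn_flood(PACKETS))
    print("anomalous minutes:", detect_anomalies(BASELINE_CONN_PER_MIN, OBSERVED_CONN_PER_MIN))
```

Note the trade-off the three functions expose: the content signature only fires on a payload it already knows, the context signature needs state kept across packets (and a tuned threshold), and the anomaly detector fires on anything unusual, including legitimate traffic spikes, which is where false positives come from.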
Types of Signatures
Case Study: Kevin Mitnick’s Attack on Tsutomu Shimomura’s Computers