Throughput of NIDS, targeting 10s of Gbps
  E.g., 32 nsec for a 40-byte TCP SYN packet
Resilient to attacks
Architecture of Network IDS (processing pipeline)
  Packet capture (libpcap)
    -> TCP reassembly
    -> Protocol identification
    -> Packet stream
    -> Signature matching (& protocol parsing when needed)
Firewall/Net IPS vs Net IDS
  Firewall/IPS: active filtering, fail-close
  Network IDS: passive monitoring, fail-open
Related Tools for Network IDS (I)
  While not an element of Snort, Ethereal is the best open source GUI-based packet viewer
  www.ethereal.com offers: Windows, UNIX, e.g., www.ethereal.com/download.html
  Red Hat Linux RPMs: ftp.ethereal.com/pub/ethereal/rpms/
Related Tools for Network IDS (II)
  Also not an element of Snort, tcpdump is a well-established packet capture tool
  www.tcpdump.org offers UNIX source
  http://www.winpcap.org/windump/ offers windump, a Windows port of tcpdump
  windump is helpful because it will help you see the different interfaces available on your sensor
Case Study: Snort IDS
Problems with Current IDSs
  Inaccuracy for exploit-based signatures
  Cannot recognize unknown anomalies/intrusions
  Cannot provide quality info for forensics or situational-aware analysis
  Hard to differentiate malicious events from unintentional anomalies
    Anomalies can be caused by network element faults, e.g., router misconfiguration, link failures, etc., or application (such as P2P) misconfiguration
  Cannot tell the situational-aware info: attack scope/target/strategy, attacker (botnet) size, etc.
Limitations of Exploit-Based Signature
  [Figure: traffic filtering between the Internet and our network using the exploit-based signature "10.*01"; incoming packets shown as bit strings 1010101, 10111101, 11111100, 00010111, with filtered packets marked X]
  Polymorphic worm might not have exact exploit-based signature
  Polymorphism!
Vulnerability Signature
  Works for polymorphic worms
  Works for all the worms which target the same vulnerability
  [Figure: vulnerability-signature traffic filtering between the Internet and our network, protecting the vulnerability; filtered packets marked X]
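The two slides above contrast an exploit-based byte-pattern signature (the slide's "10.*01") with a vulnerability signature that describes the condition triggering the bug. The following is an added example, not code from the lecture or from Snort. It assumes a hypothetical text protocol where each request is "LOGIN <username>" and a (constructed) server bug in which usernames longer than 64 bytes overrun a fixed buffer; the "worm" payloads are constructed filler, not real exploit traffic. It also works the throughput slide's arithmetic: a 40-byte packet is 320 bits, and at 10 Gbps that is a 32 ns budget per packet.

```python
"""Exploit-based vs vulnerability-based signatures over a constructed packet stream."""
import re

# Assumption for this example: the server copies <username> into a fixed
# 64-byte buffer, so ANY username longer than 64 bytes triggers the bug,
# whatever bytes it contains. This is the vulnerability condition.
USERNAME_BUFFER = 64

# Exploit-based signature: a fixed byte pattern lifted from ONE captured worm
# instance (constructed here: a run of 0x41 filler followed by the marker XYZ).
# This is the byte-level analogue of the slide's "10.*01".
EXPLOIT_SIG = re.compile(rb"LOGIN A{20,}XYZ")

# Protocol parser for the vulnerability signature ("protocol parsing when
# needed" in the architecture slide): extract the username field.
LOGIN_RE = re.compile(rb"LOGIN ([^\n]*)\n")


def exploit_signature_match(packet: bytes) -> bool:
    """True if the packet contains the byte pattern seen in the captured instance."""
    return EXPLOIT_SIG.search(packet) is not None


def vulnerability_signature_match(packet: bytes) -> bool:
    """True if the packet would trigger the (assumed) buffer bug, regardless of payload bytes."""
    m = LOGIN_RE.match(packet)
    if m is None:
        return False  # not a LOGIN request: the buggy copy is never reached
    return len(m.group(1)) > USERNAME_BUFFER


def budget_ns_per_packet(rate_gbps: float, packet_bytes: int) -> float:
    """Time the NIDS may spend per packet to keep up with a line rate.
    bits / Gbps == nanoseconds, so 40 bytes at 10 Gbps gives 32 ns."""
    return packet_bytes * 8 / rate_gbps


# Constructed packet stream (labels are for the reader, not part of the packets).
STREAM = [
    ("benign login",        b"LOGIN alice\n"),
    ("benign long name",    b"LOGIN " + b"b" * 60 + b"\n"),           # 60 <= 64: safe
    ("worm instance 1",     b"LOGIN " + b"A" * 100 + b"XYZ\n"),       # the captured instance
    ("polymorphic variant", b"LOGIN " + b"B" * 100 + b"QRS\n"),       # same bug, different bytes
    ("other command",       b"HELLO " + b"A" * 100 + b"XYZ\n"),       # overlong, but not LOGIN
]


def scan_stream(stream):
    """Return {label: (exploit_sig_fired, vulnerability_sig_fired)} for each packet."""
    return {
        label: (exploit_signature_match(pkt), vulnerability_signature_match(pkt))
        for label, pkt in stream
    }


def missed_by_exploit_signature(stream):
    """Labels of packets that trigger the vulnerability but evade the byte-pattern signature."""
    return [label for label, (ex, vu) in scan_stream(stream).items() if vu and not ex]


if __name__ == "__main__":
    for label, (ex, vu) in scan_stream(STREAM).items():
        print(f"{label:20s} exploit-sig={ex!s:5s} vuln-sig={vu}")
    print("evade exploit signature:", missed_by_exploit_signature(STREAM))
    print("budget at 10 Gbps for 40-byte packet:", budget_ns_per_packet(10, 40), "ns")
```

The polymorphic variant carries the same overlong field but none of the bytes the exploit signature was written from, so only the vulnerability signature fires on it; the overlong HELLO request fires neither, because the vulnerability signature is tied to the field the bug actually reads. Checking one field length is also cheap enough to fit inside a per-packet budget measured in tens of nanoseconds, which is the constraint the throughput slide sets.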