Date Submitted: 08/18/05
Network Intrusion Detection Signatures, Part 3
Added by Papergrl
Description:
This is the third in a series of articles on understanding and developing signatures for network intrusion detection systems. In Part One and Part Two, we examined the use of IP protocol header values, particularly TCP, UDP and ICMP, in network intrusion detection signatures. In this article, we will continue our discussion of signatures by studying the area of protocol analysis, focusing on the examination of values within TCP and UDP payloads. Network intrusion detection using protocol analysis-based signatures is very effective in detecting both known and unknown attacks involving protocols such as DNS, FTP, HTTP and SMTP.
