some questions!
From: jason cheng (jason_cheng2003@hotmail.com)
Date: 03/01/03
Date: 1 Mar 2003 12:10:12 -0000
From: jason cheng <jason_cheng2003@hotmail.com>
To: focus-ids@securityfocus.com
Hello, everyone!
I am a Chinese student. I am very interested in NIDS, especially protocol
analysis and pattern match NIDS. I am going to write a thesis about this
topic. But I do not know it. I have done research on it for several months.
I have some questions that I cannot understand yet. I hope to get your
answer urgently.
1) I know pattern match is used in protocol analysis NIDS. Could you tell
me which module pattern is applied and what role it has in protocol
analysis NIDS?
2) Is the AC_BM algorithm used in Snort now? What is the performance data of
this algorithm?
3) Protocol anomaly is one subset of protocol analysis; then what other
subsets does protocol analysis contain?
4) As we know, packets are decoded to detect if they comply with protocol
specification. In Mr. Robert Graham's article, he says "protocol are
decoded". Could you tell me whether they are the same one?
Thank you very much!