Re: Packet/Protocol Anomaly Detection with IDS
From: Joachim Schipper (j.schipper_at_math.uu.nl)
Date: 05/20/05
- Previous message: Drew Simonis: "RE: SIM Tools, and endpoint security."
- In reply to: Harald : "Packet/Protocol Anomaly Detection with IDS"
- Next in thread: hibano haleluya: "Re: Packet/Protocol Anomaly Detection with IDS"
- Reply: hibano haleluya: "Re: Packet/Protocol Anomaly Detection with IDS"
Date: Fri, 20 May 2005 17:40:49 +0200 To: focus-ids@securityfocus.com
On Thu, May 19, 2005 at 08:50:55PM -0000, Harald Frlinger wrote:
>
>
> Hi Community,
>
> I'm a student, and at the moment I'm searching
> for some input to write my exam.
>
> The title is "Packet/Protocol Anomaly Detection with IDS", I already got some good input.
> But some things are quite hard to find.
>
> What I need is some examples of attacks
> on specific protocols, like ftp, http, tcp ...
> I know there are attacks like DoS or buffer overflows.
> But I need some more.
>
> Maybe you can tell me some good resources or
> examples.
>
> Thanks all, and sorry for my English.
>
>
> Best regards
> harry
Hello Harry,
one thing I recently discovered was HTTP response splitting (known for
some time, but hey - I can't know everything). Quite interesting.
Some FTP implementations (wuftpd) react(ed) badly to LIST commands with
lots of wildcards, which allows an easy DoS.
Brute-forcing might be interesting too.
There are many others, but I'm just a student myself... ;-)
Joachim
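
Added example, not part of the original message: a minimal protocol-anomaly check for two of the cases mentioned above, an FTP LIST argument with many wildcards and an HTTP request target carrying an encoded CR/LF (the usual on-the-wire sign of a response-splitting attempt). The function names, the wildcard threshold and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

MAX_WILDCARDS = 8                      # assumed threshold, tune per site
_GLOB = re.compile(r"[*?\[\]{}]")      # characters an FTP server may expand

def check_ftp_command(line):
    """Alert on a LIST/NLST argument with many wildcard characters."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() not in ("LIST", "NLST"):
        return None
    count = len(_GLOB.findall(arg))
    if count > MAX_WILDCARDS:
        return f"ftp-glob: {verb.upper()} with {count} wildcard characters"
    return None

def check_http_request_line(line):
    """Alert on a malformed request line or an encoded CR/LF in the target."""
    parts = line.strip().split(" ")
    if len(parts) != 3:
        return "http-malformed: request line does not have three fields"
    # Decode twice so that double encoding (%250d%250a) is caught as well.
    decoded = unquote(unquote(parts[1]))
    if "\r" in decoded or "\n" in decoded:
        return "http-crlf: encoded CR/LF in request target"
    return None

# Constructed sample lines, not captured traffic.
SAMPLE = [
    ("ftp", "LIST -la"),
    ("ftp", "LIST " + "*/" * 12),
    ("http", "GET /index.html HTTP/1.1"),
    ("http", "GET /redir?lang=en%0d%0aX-Test:%20constructed HTTP/1.1"),
]

def scan(events):
    """Run the matching check over (protocol, line) pairs; return the alerts."""
    checks = {"ftp": check_ftp_command, "http": check_http_request_line}
    return [alert for proto, line in events if (alert := checks[proto](line))]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```
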