Buffer Overflows, Viruses, and Worms

Evading Firewalls, IDS, and Honeypots

  • Pattern matching and anomaly detection are the two distinct types of IDS.
  • Snort is a freeware IDS.

Table FF.12. Snort Keywords and Meaning

| Keyword | Detail |
|---------|--------|
| content | Used to match a defined payload value. |
| ack | Used to match the TCP acknowledgment field value. |
| flags | Used to match TCP flags. |
| id | Matches the IP header ID (fragment identification) field. |
| ttl | Used to match the IP header TTL. |
| msg | Prints a message with the alert. |

Table FF.13. Snort Rulesets

| Rule | Description |
|------|-------------|
| alert tcp any any -> 192.168.13.0/24 any (msg:"O/S Fingerprint detected"; flags:S12;) | OS fingerprint |
| alert tcp any any -> 192.168.13.0/24 any (msg:"NULL scan detected"; flags:0;) | Null scan |
| alert tcp any any -> 192.168.13.0/24 any (msg:"SYN-FIN scan detected"; flags:SF;) | SYN/FIN scan |
| alert udp any any -> any 69 (msg:"TFTP Connection Attempt";) | TFTP attempt |
| alert tcp any any -> 192.168.13.0/24 any (content:"Password"; msg:"Password Transfer Possible!";) | Password transfer |
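To show how the flags and content keywords from Table FF.12 are applied by the rules above, here is an added Python example (not from the book and not Snort's own code) that parses the five rules, with their syntax corrected, and evaluates them against constructed sample packets. parse_rule, rule_matches, alerts_for and the SAMPLE packets are names and data invented for this illustration, and the matcher models only the handful of header fields and options the two tables use.

```python
import ipaddress
import re
# The book's rules, with syntax corrected (lowercase action, destination port, quoted msg).
RULES = [
    'alert tcp any any -> 192.168.13.0/24 any (msg:"O/S Fingerprint detected"; flags:S12;)',
    'alert tcp any any -> 192.168.13.0/24 any (msg:"NULL scan detected"; flags:0;)',
    'alert tcp any any -> 192.168.13.0/24 any (msg:"SYN-FIN scan detected"; flags:SF;)',
    'alert udp any any -> any 69 (msg:"TFTP Connection Attempt";)',
    'alert tcp any any -> 192.168.13.0/24 any (content:"Password"; msg:"Password Transfer Possible!";)',
]
HEADER = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
def parse_rule(text):
    """Split a rule into header fields plus an option dict such as {'msg': ..., 'flags': 'SF'}."""
    action, proto, src, sport, dst, dport, body = HEADER.match(text).groups()
    opts = {}
    for opt in filter(str.strip, body.split(';')):
        key, _, val = opt.strip().partition(':')
        opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "dst": dst, "dport": dport, "opts": opts}

def flags_match(pkt_flags, spec):
    """Snort's flags option without a +/* modifier is an exact match; '0' means no flags set."""
    return set(pkt_flags) == (set() if spec == "0" else set(spec))

def rule_matches(rule, pkt):
    """pkt: dict with proto, dst, dport, flags (letters such as 'SF'), payload (bytes)."""
    if pkt["proto"] != rule["proto"]:
        return False
    if rule["dst"] != "any" and \
       ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
        return False
    if rule["dport"] != "any" and str(pkt["dport"]) != rule["dport"]:
        return False
    o = rule["opts"]
    if "flags" in o and not flags_match(pkt.get("flags", ""), o["flags"]):
        return False
    return "content" not in o or o["content"].encode() in pkt.get("payload", b"")

def alerts_for(pkt, rules=RULES):
    # Return the msg text of every rule that fires on this packet.
    return [r["opts"].get("msg", "") for r in map(parse_rule, rules) if rule_matches(r, pkt)]
# Constructed sample traffic for the demo (not captured packets).
SAMPLE = [
    {"proto": "tcp", "dst": "192.168.13.7", "dport": 80, "flags": "SF", "payload": b""},
    {"proto": "tcp", "dst": "192.168.13.7", "dport": 80, "flags": "", "payload": b""},
    {"proto": "udp", "dst": "10.0.0.5", "dport": 69, "flags": "", "payload": b"\x00\x01boot.img"},
    {"proto": "tcp", "dst": "192.168.13.9", "dport": 23, "flags": "PA", "payload": b"Password: hunter2"},
    {"proto": "tcp", "dst": "10.0.0.5", "dport": 80, "flags": "SF", "payload": b""},  # outside watched net
]
for pkt in SAMPLE:
    print(pkt["proto"], pkt["dst"], pkt["flags"] or "-", "->", alerts_for(pkt) or "no alert")
```

Running it prints one line per sample packet; the SYN/FIN probe into 192.168.13.0/24 yields ['SYN-FIN scan detected'] while the same probe aimed at 10.0.0.5 yields no alert, which is the point of scoping the destination network in the header.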

  • Attackers can use a range of techniques to attempt to prevent IDS detection, including flooding, evasion, and session splicing.

Buffer Overflows

Certified Ethical Hacker Exam Prep
ISBN: 0789735318
Year: 2007
Pages: 247
Authors: Michael Gregg
