Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Packet/Protocol Anomaly Detection with IDS

from [Joachim Schipper] Network Security [Permanent Link]
Subject: Re: Packet/Protocol Anomaly Detection with IDS
Date: Fri, 20 May 2005 17:40:49 +0200 
On Thu, May 19, 2005 at 08:50:55PM -0000, Harald Frlinger wrote:



Hi Community,

im a student, and at the moment im searching
for some input to write my exam.

The title is "Packet/Protocol Anomaly Detection with IDS", i already got some 
good input.
But some things are quiet hard to find.

What i need is some examples on attacks, 
on specific protocols, like ftp, http, tcp ...
I know there are attacks like Dos or Buffer Overflows.
But i need some more.

Maybe you can tell me some good ressources or
examples.

Thanks all, and sorry for my english.


mfg
harry


Hello Harry,

one thing I recently discovered was HTTP response splitting (known for
some time, but hey - I can't know everything). Quite interesting.

Some FTP implementations (wuftpd) react(ed) badly to LIST commands with
lots of wildcards, which allows an easy DoS.

Brute-forcing might be interesting too.

There are many others, but I'm just a student myself... ;-)

                Joachim

Attachment: pgpQsk1OQ5wkZ.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: SIM Tools, and endpoint security., Drew Simonis
Next by Date:  RE: Checkpoint SmartDefense, charles . fasching
Previous by Thread:  Packet/Protocol Anomaly Detection with IDS, Frlinger
Next by Thread:  Re: Packet/Protocol Anomaly Detection with IDS, hibano haleluya
Indexes:  [Date] [Thread] [Top] [All Lists]