Protect Your Information with Intrusion Detection (Power)

Chapter 1: Introduction to Intrusion Detection

Example 1.1. Transmission of the Password File as a Part of LOK12 Attack
Example 1.2. Detecting LOK12 Attack (TCPdump Log-File Fragment)
Example 1.3. Providing Remote Clients Access to Local Servers by the Telnet
Example 1.4. Remote Attack with the FTP Protocol (for the IPCHAINS Firewall)

Chapter 4: The Three Basic Principles of Intrusion Detection

Example 4.1. Port Scanning Implemented Using Haktek (TCPdump Log File)
Example 4.2. Port Scanning (-sT) Using Nmap (a Fragment of the TCPdump Log File)
Example 4.3. Port Scanning (-sS) Using Nmap (a Fragment of the TCPdump Log File)
Example 4.4. Port Scanning (-sU) Using Nmap (a Fragment of the TCPdump Log File)
Example 4.5. Detecting Host Scanning (a Fragment of the Check Point Firewall-1 Log File)
Example 4.6. Host Scanning (a Fragment of the TCPdump Log File)
Example 4.7. Detection of the SMURF and Fraggle Attacks (a Fragment of the Cisco Router Log File)
Example 4.8. Detecting Scanning for Vulnerable CGI Scripts (a Fragment of the WWW Server Log File)
Example 4.9. Detecting Requests to Vulnerable CGI Scripts Such as Test-cgi and Aglimpse (a Fragment of the Snort Log File)
Example 4.10. Detecting the Usage of Reserved Addresses
Example 4.11. Detecting the Usage of Reserved Addresses
Example 4.12. Land Attack (TCPdump Log File Fragment)
Example 4.13. Stealth Scanning Using SYN/ACK (Fragment of the TCPdump Log File)
Example 4.14. FIN Scanning (-sF) Using Nmap
Example 4.15. Xmas Scanning (-sX) Using Nmap (a Fragment of the TCPdump Log File)
Example 4.16. Null Scanning (-sN) Using Nmap
Example 4.17. Null Scanning Using Nmap
Example 4.18. FIN Scanning Using Nmap
Example 4.19. The "Christmas Tree Pattern" (Fragment from a Snort Log File)
Example 4.20. Detecting a Suspicious Situation (a Fragment of the Dragon Log File)
Example 4.21. OS Fingerprinting Using QueSO
Example 4.22. OS Fingerprinting Using QueSO (a Fragment of the TCPdump Log File)
Example 4.23. Using Reserved ECN Flags in the TCP Packet Header (a Fragment of the TCPdump Log File)
Example 4.24. Using Reserved ECN Flags in the TCP Header
Example 4.25. Detecting Suspicious Activity (a Fragment of the TCPdump Log File)
Example 4.26. Detecting a Ping of Death attack (a fragment of the TCPdump log file)
Example 4.27. The Tiny Fragment Attack (a Fragment of the TCPdump Log File)
Example 4.28. Detecting the SubSeven Trojan (a Fragment of the Snort Log File)
Example 4.29. Detecting the SubSeven Trojan (a Fragment of the IPCHAINS Log File)
Example 4.30. Detecting the SubSeven Trojan (a Fragment of the Ascend SecureConnect 3.03 Log File)
Example 4.31. Detecting the SubSeven Trojan (a Fragment of the ZoneAlarm Log File)
Example 4.32. Detecting the SubSeven Trojan
Example 4.33. Detecting the SubSeven Trojan
Example 4.34. Detecting of the SubSeven Trojan
Example 4.35. Detecting the Satans Trojan (a Fragment of the Snort Log File)
Example 4.36. Detecting the BackOrifice Trojan (a Fragment of the SHADOW Log File)
Example 4.37. Detecting the BackOrifice Trojan (a Fragment of the IPCHAINS Log File)
Example 4.38. Detecting the BackOrifice Trojan (a fragment of the TCPdump log file)
Example 4.39. Detecting the WinTrin00 Trojan (a Fragment of the Cisco Router Log File)
Example 4.40. Detecting the mstream Trojan
Example 4.41. Detecting the NetBus Trojan (the Output Produced by the Netstat -a Command)
Example 4.42. Detecting the NetBus Trojan
Example 4.43. Analysis of the Header Returned by the IMAP Service
Example 4.44. Examples of Security Messages Produced by Cisco Equipment
Example 4.45. A Fragment of the Check Point Firewall-1 Log File
Example 4.46. A Fragment of the Apache Log File (access_log)
Example 4.47. A Fragment of the Apache Log File (error_log)

Chapter 5: Detecting Attack Traces

Example 5.1. Exploiting the expn Vulnerability in Sendmail Implementation
Example 5.2. Failed Attempts to Logon to Windows Nt 4.0 (Fragments of the Security Log File)

Chapter 9: Selecting an Intrusion Detection System

Listing 9.1. An Example of a Rule in P-BEST for Detecting Failed Logon Attempts
Listing 9.2. An Example of a Rule for Detecting a WinNuke Attack Written in N-Code
Listing 9.3. An Example of a Rule for Detecting a Land Attack Written in N-Code
Listing 9.4. An Example of a Rule for Detecting Attempts of Xmas Scanning Written in N-Code
Listing 9.5. Fragment of the Rule DESCRIBING the Land Attack Using Predefined Variables
Listing 9.6. An Example of a Rule Created Using the RUSSEL Language for Detection of Failed Login Attempts During the Specified Time Period
Listing 9.7. An Example of a SecureLogic Script
Listing 9.8. An Example of a Description of Hidden TCP Scanning Written in CASL
Listing 9.9. A Fragment of an NASL Script Describing a Check for Detecting Web Server Vulnerability
Listing 9.10. A Fragment of the NASL Script Describing the Check to Detect FTP-Server Vulnerability
Listing 9.11. An Example of a Rule Written in VDL That Detects the Presence of the Telnet Service
Listing 9.12. An Example of a Rule Written in VDL That Detects the Presence of the SuperApp Application
Listing 9.13. A Fragment of the TCPdump Log File
Listing 9.14. A Fragment of the Apache Web Server Log File Named access_log
Listing 9.15. A Fragment of the SecurityEvent Log File of a Windows NT-Based Operating System
Listing 9.16. A Fragment of the Cisco IDS 4200 Log File
Listing 9.17. A Fragment of the Snort Log File
Listing 9.18. An Example of Script Written Using the Expect Language to Reconfigure Cisco Routers

Chapter 11: Using Intrusion Detection Systems

Example 11.1. Automation of the Security Scanning Process and Report Creation (in Internet Scanner for Windows NT)
Example 11.2. Using the AT Scheduler (Windows NT)

Chapter 12: Common IDS Problems

Example 12.1. An Example Illustrating the Malicious Usage of JavaScript

Chapter 13: Standardization in the Field of Intrusion Detection

Example 13.1. An Example Illustrating the Use of CISL for Describing Rules for Deleting the/etc/passwd File

Related

Категории