IDS mailing list archives
Re: Packet/Protocol Anomaly Detection with IDS
From: Joachim Schipper <j.schipper () math uu nl>
Date: Fri, 20 May 2005 17:40:49 +0200
On Thu, May 19, 2005 at 08:50:55PM -0000, Harald Frlinger wrote:
> Hi Community,
>
> I'm a student, and at the moment I'm searching for some input to write my exam. The title is "Packet/Protocol Anomaly Detection with IDS". I already got some good input, but some things are quite hard to find. What I need is some examples of attacks on specific protocols, like FTP, HTTP, TCP ... I know there are attacks like DoS or buffer overflows, but I need some more. Maybe you can tell me some good resources or examples.
>
> Thanks all, and sorry for my English.
>
> Kind regards,
> harry
Hello Harry,

one thing I recently discovered was HTTP response splitting (known for some time, but hey - I can't know everything). Quite interesting.

Some FTP implementations (wuftpd) react(ed) badly to LIST commands with lots of wildcards, which allows an easy DoS.

Brute-forcing might be interesting too.

There are many others, but I'm just a student myself... ;-)

Joachim
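Added example, not part of either post: a minimal sketch of protocol anomaly checks an IDS could apply for the three cases named in the reply (CR/LF smuggled into an HTTP request line, FTP LIST arguments with many wildcards, repeated failed FTP logins). The function names, thresholds and sample traffic are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Thresholds are assumptions for this sketch; tune them against real traffic.
MAX_WILDCARDS = 8
MAX_FAILED_LOGINS = 5

def ftp_list_anomaly(command):
    """True if a LIST/NLST argument carries an unusual number of glob characters."""
    m = re.match(r"\s*(LIST|NLST)\b(.*)", command, re.IGNORECASE | re.DOTALL)
    if not m:
        return False
    return sum(m.group(2).count(c) for c in "*?[{") > MAX_WILDCARDS

def http_crlf_anomaly(request_line):
    """True if the request line hides CR or LF, raw or percent-encoded (up to twice)."""
    decoded = request_line.rstrip("\r\n")  # the line terminator itself is legitimate
    for _ in range(2):                     # second pass catches %250d%250a
        decoded = unquote(decoded)
    return "\r" in decoded or "\n" in decoded

def brute_force_sources(replies, limit=MAX_FAILED_LOGINS):
    """Sources with more than `limit` FTP 530 (not logged in) replies in the window."""
    failures = Counter(src for src, code in replies if code == 530)
    return sorted(src for src, n in failures.items() if n > limit)

if __name__ == "__main__":
    # Constructed sample traffic (documentation address range), not captured data.
    ftp = ["LIST -la /pub", "LIST " + "*" * 20, "RETR " + "*" * 20]
    http = ["GET /r?lang=en HTTP/1.1\r\n",
            "GET /r?lang=en%0d%0aX-Test:%201 HTTP/1.1\r\n"]
    replies = [("192.0.2.7", 530)] * 6 + [("192.0.2.9", 530), ("192.0.2.9", 230)]
    for line in ftp:
        print("FTP ", ftp_list_anomaly(line), repr(line[:30]))
    for line in http:
        print("HTTP", http_crlf_anomaly(line), repr(line))
    print("brute-force candidates:", brute_force_sources(replies))
```

A production sensor would reassemble the TCP stream and parse the protocol state before applying checks like these, since commands split across segments are missed by per-packet matching.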