Question

In: Computer Science

Considering the TCP ACK Scan that we have seen in class, write a signature for an Intrusion Detection System (IDS) that is able to catch it.

Solutions

Expert Solution

TCP ACK Scan:

  • TCP ACK scan is used for specific kinds of attacks, such as the TCP SYN flood ("It is a part of the Distributed Denial of Service attack that exploits part of the normal TCP three-way handshaking process").
  • TCP stands for Transmission Control Protocol.
  • It is part of the computer network.
  • TCP is used for the “three-way handshake” to connect two devices.
  • First, the client requests a connection by sending a synchronize message to the server.
  • Then the server acknowledges by sending a synchronize-acknowledge message back.
  • Finally, the client responds with an acknowledge message, and the connection will be complete.
  • As a result, the ports stay open while they wait for the synchronize-acknowledge message to be received; during this time the attacker sends more synchronize messages, the server’s connections overflow, and the result of this is that the system will crash.

Intrusion Detection System (IDS):

  • It is a kind of tool or software that works with our network to keep it secure when somebody is trying to break into our system.
  • It is used to monitor a network for malicious activity or policy violations.
  • Some IDSs are capable of responding to a detected intrusion upon discovery.

Signature for an Intrusion Detection System (IDS):

  • Signatures of an intrusion detection system are used to detect intrusions.
  • Basically, a signature is a rule that examines a packet or series of packets for certain contents, such as matches on packet header or data payload information.
  • The signature of an intrusion detection system uses a signature database to trigger intrusion alarms.
  • With a signature-based intrusion detection system, a completely new attack type may not be picked up at all because the signature doesn’t exist in the database.
  • It is impossible to analyze each connection and check it against the database.
  • The sensor platform monitors the network and the director platform provides a single GUI management interface for the end user.
  • The signature of an intrusion detection system searches for a specific “signature,” pattern, or identity of a specific intrusion event.
  • Signatures of an intrusion detection system are implemented in two ways:
  1. Context implementation: Context signatures examine only the packet header information, like IP address, IP protocol, etc.
  2. Content implementation: Content signatures look inside the packet headers.
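As an added example (not part of the question or of the expert solution above), here is a small context (header-based) signature for the TCP ACK scan, written in Python and run over constructed packet-header records. The record format, the connection-tracking rule (remember every four-tuple that showed a SYN, in both directions) and the threshold of 10 distinct targets hit by orphan ACKs within 5 seconds are assumptions chosen for illustration.

```python
"""Context (header-based) IDS signature for a TCP ACK scan.

Added example, not code from the original question or answer.  The record
format, the connection-tracking rule and the threshold values are assumptions
chosen for illustration.  Each record is a constructed line of the form
    '<ts> <src>:<sport> > <dst>:<dport> <flags>'
where flags use tcpdump-style letters (S=SYN, A=ACK, P=PSH, R=RST).
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_line(line: str) -> Packet:
    """Parse one constructed header record into a Packet."""
    ts, src, _, dst, flags = line.split()
    shost, sport = src.rsplit(":", 1)
    dhost, dport = dst.rsplit(":", 1)
    return Packet(float(ts), shost, int(sport), dhost, int(dport), flags)


class AckScanDetector:
    """Signature: bare-ACK segments (ACK flag only) that belong to no connection
    for which a SYN was observed, sent by one source to `count` or more distinct
    (host, port) targets within `seconds`.  A lone stray ACK never alerts, and
    an ACK inside a tracked handshake never alerts."""

    def __init__(self, count: int = 10, seconds: float = 5.0) -> None:
        self.count = count
        self.seconds = seconds
        self.known: set = set()            # 4-tuples that saw a SYN, both directions
        self.orphans = defaultdict(list)   # src -> [(ts, (dst, dport)), ...]
        self.alerts: list = []             # (ts, src) per triggered signature

    def feed(self, pkt: Packet) -> None:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if "S" in pkt.flags:               # SYN or SYN-ACK: connection is now tracked
            self.known.update((fwd, rev))
            return
        if pkt.flags != "A" or fwd in self.known:
            return                         # data/RST, or an ACK inside a real connection
        # Orphan ACK: keep only the events still inside the sliding window.
        recent = [e for e in self.orphans[pkt.src] if pkt.ts - e[0] <= self.seconds]
        recent.append((pkt.ts, (pkt.dst, pkt.dport)))
        self.orphans[pkt.src] = recent
        if len({target for _, target in recent}) >= self.count:
            self.alerts.append((pkt.ts, pkt.src))
            self.orphans[pkt.src] = []     # one alert per burst, then re-arm


def detect(lines, count: int = 10, seconds: float = 5.0) -> list:
    """Run the signature over an iterable of header records; return the alerts."""
    det = AckScanDetector(count, seconds)
    for line in lines:
        det.feed(parse_line(line))
    return det.alerts


# Constructed traffic: one legitimate handshake with data, then a scan from
# 198.51.100.7 that sends bare ACKs to twelve ports on 192.0.2.10 within 1.1 s,
# each answered by a RST (the reply an unfiltered port gives to a stray ACK).
LEGIT = [
    "1.0 10.0.0.5:51000 > 192.0.2.10:80 S",
    "1.1 192.0.2.10:80 > 10.0.0.5:51000 SA",
    "1.2 10.0.0.5:51000 > 192.0.2.10:80 A",
    "1.3 10.0.0.5:51000 > 192.0.2.10:80 PA",
    "1.4 192.0.2.10:80 > 10.0.0.5:51000 A",
]
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SCAN = []
for i, port in enumerate(SCAN_PORTS):
    ts = f"{10 + i / 10:.1f}"
    SCAN.append(f"{ts} 198.51.100.7:40000 > 192.0.2.10:{port} A")
    SCAN.append(f"{ts} 192.0.2.10:{port} > 198.51.100.7:40000 R")
SAMPLE_LINES = LEGIT + SCAN


if __name__ == "__main__":
    for ts, src in detect(SAMPLE_LINES):
        print(f"[{ts:.1f}] possible TCP ACK scan from {src}")
```

The connection-tracking step is what separates this from a naive "alert on every ACK" rule: the in-session ACKs of the legitimate flow never count, while the scanner's ACKs, which no SYN ever preceded, accumulate toward the threshold. Counting distinct targets rather than raw packets also keeps a retransmitted stray ACK from firing the rule. Production engines express the same idea as a flag test combined with a per-source rate threshold.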

