TCP ACK Scan:
- A TCP ACK scan is used for specific kinds of attacks, such as the
TCP SYN flood ("It is a part of the Distributed Denial of Service
attack that exploits part of the normal TCP three-way handshaking
process").
- TCP stands for Transmission Control Protocol.
- It is part of the computer network.
- TCP uses a “three-way handshake” to connect two
devices.
- First, the client requests a connection by sending a
synchronize message to the server.
- Then the server acknowledges by sending a
synchronize-acknowledge message back.
- Finally, the client responds with an acknowledge message, and
the connection is complete.
- As a result, the ports stay open while they wait for the
synchronize-acknowledge message to be received. During this time
the attacker sends more synchronize messages, the server’s
connections overflow, and the result is that the system will
crash.
Intrusion Detection System (IDS):
- It is a kind of tool or software that works with our network to
keep it secure when somebody is trying to break into our
system.
- It is used to monitor a network for malicious activity or
policy violations.
- Some IDSs are capable of responding to a detected intrusion upon
discovery.
Signature for an Intrusion Detection System (IDS):
- Signatures of an intrusion detection system are used to
detect intrusions.
- Basically, a signature is a rule that examines a packet or
series of packets for certain contents, such as matches on packet
header or data payload information.
- A signature-based intrusion detection system uses a signature
database to trigger intrusion alarms.
- A completely new attack type may not be picked up at all by a
signature-based IDS because the signature doesn’t exist in the
database.
- It is impossible to analyze each connection and check it
against the database.
- The sensor platform monitors the network and the director
platform provides a single GUI management interface for the end
user.
- A signature-based intrusion detection system searches for a
specific “signature,” pattern, or identity of a specific
intrusion event.
- Signatures of an intrusion detection system are implemented in
two ways:
- Context implementation: Context signatures
examine only the packet header information, such as IP address, IP
protocol, etc.
- Content implementation: Content signatures
look inside the packet headers.
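
A context signature for a TCP ACK scan can be written using header fields only, as in the following added example (not part of the original notes). The packet tuples, the IP addresses and the port threshold are constructed assumptions, and the flow tracking is simplified to one direction without source ports.

```python
from collections import defaultdict

# Constructed sample traffic: (src_ip, dst_ip, dst_port, tcp_flags)
PACKETS = [
    # Normal client: SYN first, then ACK and data on the same flow
    ("10.0.0.5", "10.0.0.80", 443, "S"),
    ("10.0.0.5", "10.0.0.80", 443, "A"),
    ("10.0.0.5", "10.0.0.80", 443, "PA"),
    # Prober: bare ACKs to many ports with no preceding SYN
] + [("10.0.0.9", "10.0.0.80", port, "A") for port in range(20, 30)]

PORT_THRESHOLD = 5  # assumed tuning value, not taken from the notes


def detect_ack_scan(packets, threshold=PORT_THRESHOLD):
    """Return {src_ip: sorted ports} for sources whose unsolicited
    ACK packets reach at least `threshold` distinct ports."""
    syn_seen = set()                # flows opened with a SYN
    unsolicited = defaultdict(set)  # src -> ports hit by ACK without SYN
    for src, dst, dport, flags in packets:
        flow = (src, dst, dport)
        if "S" in flags and "A" not in flags:
            syn_seen.add(flow)      # first step of the three-way handshake
        elif flags == "A" and flow not in syn_seen:
            unsolicited[src].add(dport)  # ACK that belongs to no handshake
    return {
        src: sorted(ports)
        for src, ports in unsolicited.items()
        if len(ports) >= threshold
    }


if __name__ == "__main__":
    for src, ports in detect_ack_scan(PACKETS).items():
        print(f"ALERT possible TCP ACK scan from {src}: ports {ports}")
```
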