ETHER: Destination address : 0000BA5EBA11
ETHER: Source address : 00A0C9B05EBD
ETHER: Frame Length : 1514 (0x05EA)
ETHER: Ethernet Type : 0x0800 (IP)
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 1500 (0x5DC)
IP: Identification = 7652 (0x1DE4)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = (0x0) bytes
IP: Time to Live = 127 (0x7F)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xC26D
IP: Source Address = 10.0.0.2
IP: Destination Address = 10.0.1.201
TCP: Source Port = Hypertext Transfer Protocol
TCP: Destination Port = 0x1A0B
TCP: Sequence Number = 97517760 (0x5D000C0)
TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 28793 (0x7079)
TCP: Checksum = 0x8F27
TCP: Urgent Pointer = 0 (0x0)
An employee wants to defeat detection by a network-based IDS application. He does not want to attack the system containing the IDS application. Which of the following strategies can be used to defeat detection by a network-based IDS application?
You have discovered that an employee has attached a modem to his telephone line and workstation. He has used this modem to dial in to his workstation, thereby bypassing your firewall. A security breach has occurred as a direct result of this activity. The employee explains that he used the modem because he had to download software for a department project. What can you do to solve this problem?
To scan a host downstream from a security gateway, Firewalking:
Which of the following is not an effective countermeasure against replay attacks?
You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:
What type of attack changes its signature and/or payload to avoid detection by antivirus programs?
If you come across a sheepdip machine at your client site, what would you infer?
If you come across a sheepdip machine at your client’s site, what should you do?
What is a sheepdip?
All the web servers in the DMZ respond to an ACK scan on port 80. Why is this happening?