cisco security professional''''''''s guide to secure intrusion detection systems phần 3 pot

... Filtering 267_cssp_IDS_04.qxd 9/25/ 03 4: 43 PM Page 1 43 156 Chapter 4 • Cisco IDS Management Table 4.1 sysconfig-director Parameters Field Input Director Host ID 1-65 535 Director Organization ID 1-65 535 Director Host Name ... here. www.syngress.com Figure 4.12 Network Object Detection 267_cssp_IDS_04.qxd 9/25/ 03 4: 43 PM Page 133 Cisco IDS Management Solutions in this Chapte...

Ngày tải lên: 13/08/2014, 15:20

... Parameters 32 8 Adding a New Custom Signature 33 0 Understanding Cisco IDS Alarms 33 4 Alarm Level 5 – High Severity 33 4 Alarm Level 4 – Medium Severity 33 5 267_cssp_ids_TOC.qxd 9 /30 / 03 7:17 PM Page ... IDS 30 Anomaly-Based IDS 31 Defeating an IDS 32 Summary 34 Solutions Fast Track 35 Frequently Asked Questions 37 Chapter 2 Cisco Intrusion Detection 39 Introdu...

Ngày tải lên: 13/08/2014, 15:20

... 1 93 190 Chapter 5 • Configuring the Appliance Sensor Figure 5 .3 Telnet Server Access to IDS Sensor Serial Console Password: *********** Ciscoids-1 Ciscoids-1: login: Cisco IDS Software v3 To ... to the /tmp directory. 3. Log into the sensor as root. 4. Change the directory to the /tmp directory. 5. Change the binary file’s attributes so it is an executable: sensor# chmod +x IDSk9...

Ngày tải lên: 13/08/2014, 15:20

... ABC 172.16.1.0/24 Router1 192.168.0.0/29 Serial1 .1 Serial0 .1 Router2 Serial0 .2 Serial1 .1 Client1 Client2 Client3 .10 .20 .30 Client1 Client2 Client3 .10 .20 .30 267_cssp_ids_08.qxd 9 /30 / 03 2 :31 PM Page 35 3 32 4 Chapter 7 • Cisco IDS Alarms and Signatures Creating Custom Signatures Using IDM Custom ... Wizard is an interim tool for version 2.2.2 Unix Director users until the...

Ngày tải lên: 13/08/2014, 15:20

... configurations to the sensors. ■ It manages and distributes signatures to the sensors. IDS MC and Security Monitor Closely related to the Cisco IDS MC is the Cisco Monitoring Center for Security, ... 100 Fa0/1 Fa0/2 Fa0 /3 Fa3/1 Cisco IDS Sensor 267_cssp_ids_09.qxd 9 /30 / 03 4:27 PM Page 416 39 0 Chapter 9 • Capturing Network Traffic NOTE The monitor port does not run STP (Sp...

Ngày tải lên: 13/08/2014, 15:20

... Signatures 533 7-Dot Dot Slash in HTTP Arguments 533 8-Front Page Admin password retrival ■ Release version S 33 533 1-Image Javascript insertion 533 3-FUDForum File Disclosure 533 4- DB4Web File ... Attack 32 18-WWW SGI Wrap Attack 32 19-WWW PHP Buffer Overflow 32 20-IIS Long URL Crash Bug 32 50-TCP Hijack 33 00-NetBIOS OOB Data 33 03- Windows Guest Login 33 05-Windows Passw...

Ngày tải lên: 13/08/2014, 15:20

... 267_cssp_ids_02.qxd 9/25/ 03 4:40 PM Page 74 Cisco Intrusion Detection • Chapter 2 43 sensors, the Cisco Catalyst 6000 IDS Modules, Cisco IDS Modules for 2600, 36 00, and 37 00 routers, and the Cisco router ... Module for Cisco 2600, 36 00, and 37 00 Routers With the recent addition of the Cisco IDS Module for the 2600XM, 36 00, and 37 00 Cisco routers, Cisco provi...

Ngày tải lên: 13/08/2014, 15:20

... current 4,47,20 03/ 06/18,22:40: 23, 20 03/ 06/18,14:40: 23, 10008,57,100,OUT,OUT,2, 30 30,0,TCP/I P,10.4.2.75,0.0.0.0,0, 139 ,0.0.0.0, 4,48,20 03/ 06/18, 23: 21:50,20 03/ 06/18,15:21:50,10008,57,100,OUT,OUT,2, 30 30,0,TCP/I P,10.8 .3. 24,0.0.0.0,0, 139 ,0.0.0.0,7 To ... Door SYN-port 31 337 : back door SYN-port 31 337 9002 (SubSig 0) Back Door SYN-port 1524 : back door SYN-port 1524...

Ngày tải lên: 13/08/2014, 15:20

... provided by the Security Monitor .To access the Security Monitor from the CiscoWorks2000 Desktop, select the Monitoring Center and then the Security Monitor,as shown in Figure 10 .38 . To access reports ... the Cisco Secure Intrusion Detection Systems Exam (CSIDS 9E0-100) still refers to a total number of 59 signatures that Cisco IOS-IDS supports. www.syngress.com 267 _...

Ngày tải lên: 13/08/2014, 15:20

... request to one of two files is detected. www.syngress.com 267_cssp_ids_appx.qxd 9 /30 / 03 5 :35 PM Page 557 Cisco IDS Sensor Signatures • Appendix A 531 NOTE Signature 33 11 is only available in Cisco ... clear. N OTE Signature 33 13 is only available in Cisco IDS versions 4.0 and newer. ■ 33 14-Windows Locator Service Overflow:This signature fires when attempts are made to pas...

Ngày tải lên: 13/08/2014, 15:20