TAILIEUCHUNG - Cisco Security Professional's Guide to Secure Intrusion Detection Systems, part 6

On the Atlanta POP routers, standard OSPF is configured as the IGP. I-BGP is established between the Atlanta and Raleigh POP routers. An E-BGP session is established between the Atlanta POP routers and Peer 1. Tag switching is enabled

Chapter 7: Cisco IDS Alarms and Signatures

Table OTHER Micro-Engine Parameters

| Parameter | Data Type | Protected | Required | Description |
|---|---|---|---|---|
| HijackMaxOldAck | Number | No | No | Maximum number of old dataless client-to-server ACKs allowed before a Hijack alarm is triggered. |
| HijackReset | BOOLEAN (True/False) | No | No | Hijack signature requires a reset. |
| ServicePorts | Port Range | No | No | List of ports and/or port ranges the target service may be listening to. |
| SynFloodMaxEmbryonic | Number | No | No | The maximum number of simultaneous embryonic connections allowed to any service. Embryonic connections are half-open connections. |
| TrafficFlowTimeout | NUMBER | No | No | This is the number of seconds that no traffic is detected on the segment. |

Understanding Cisco IDS Signature Series

Now we are going to discuss each of the signatures. I have taken the time to separate them into numbered series that range from 1000 all the way into the 11000s. Besides grouping signatures numerically, the series number represents another type of grouping: it helps the administrator narrow down what type of attack is generating the alarms. Are they atomic? Is the attack a string, sweep, or web site exploit? Although the numbers do cover multiple signature types, they help the administrator narrow down his search. The following list gives a brief description of each signature series.

- The 1000 series covers the signatures that analyze the content of IP headers.
- The 2000 series focuses on ICMP signatures.
- The 3000 series is all about TCP-based signatures.
- The 4000 series is all about UDP connections and ports on the network.
- The 5000 series is probably the largest. It covers web (HTTP) traffic.
- The 6000 series focuses on multiprotocol signatures.
- The 7000 series has the ARP signatures.
- The 8000 series is string-matching signatures.
- The 9000 series covers Back Doors.
- The 10000 series has signatures that focus on policy enforcement.

Configuring the Sensing .
