Which of the following types of signatures is used in an Intrusion Detection System to trigger on
attacks that attempt to reduce the level of a resource or system, or to cause it to crash?
A. Access
B. Benign
C. DoS
D. Reconnaissance
Explanation:
Following are the basic categories of signatures:

Informational (benign): These types of signatures trigger on normal network activity. For example:
  ICMP echo requests
  The opening or closing of TCP or UDP connections

Reconnaissance: These types of signatures trigger on attacks that uncover resources and hosts that are reachable, as well as any possible vulnerabilities that they might contain. For example, reconnaissance attacks include:
  Ping sweeps
  DNS queries
  Port scanning

Access: These types of signatures trigger on access attacks, which include unauthorized access, unauthorized escalation of privileges, and access to protected or sensitive data. For example:
  Back Orifice
  A Unicode attack against the Microsoft IIS
  NetBus

DoS: These types of signatures trigger on attacks that attempt to reduce the level of a resource or system, or to cause it to crash. For example:
  TCP SYN floods
  The Ping of Death
  Smurf
  Fraggle
  Trinoo
  Tribe Flood Network