Which of the following types of signatures is used in an Intrusion Detection System to trigger on attacks that attempt to reduce the level of a resource or system, or to cause it to crash?
A. B. C. D.C.
Following are the basic categories of signatures:
Informational (benign): These types of signatures trigger on normal network activity. For example: ICMP echo requests; the opening or closing of TCP or UDP connections.
Reconnaissance: These types of signatures trigger on attacks that uncover resources and hosts that are reachable, as well as any possible vulnerabilities that they might contain. For example, reconnaissance attacks include ping sweeps, DNS queries, and port scanning.
Access: These types of signatures trigger on access attacks, which include unauthorized access, unauthorized escalation of privileges, and access to protected or sensitive data. For example: Back Orifice, a Unicode attack against the Microsoft IIS, NetBus.
DoS: These types of signatures trigger on attacks that attempt to reduce the level of a resource or system, or to cause it to crash. For example: TCP SYN floods, the Ping of Death, Smurf, Fraggle, Trinoo, Tribe Flood Network.
The correct answer is C. DoS.
An Intrusion Detection System (IDS) is a security tool designed to detect and alert on attempts to compromise a computer system or network. There are different types of IDS, including host-based IDS and network-based IDS. An IDS can use different methods to detect attacks, including signature-based detection.
A signature-based detection system uses pre-defined patterns or signatures to identify known attacks. When the IDS detects traffic that matches a specific signature, it generates an alert or takes other action as specified by the security policy.
Denial of Service (DoS) attacks are a common type of attack that attempts to overwhelm a system or network with traffic or requests, causing it to become unavailable or unusable. DoS attacks can take different forms, including flooding the system with traffic or exploiting vulnerabilities to crash the system.
An IDS can use signatures to detect DoS attacks. The signature for a DoS attack may include patterns or characteristics that indicate an attempt to consume a resource or overload a system. For example, the signature may include specific packet sizes or frequencies, or specific network protocols or commands that are commonly used in DoS attacks.
When the IDS detects traffic that matches the DoS signature, it can trigger an alert, log the event, or take other actions as specified by the security policy. The purpose of detecting DoS attacks is to identify and block the attack before it causes damage to the system or network.
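The frequency-based and size-based DoS signatures described above can be sketched as follows. This is an added example, not part of the original page: it applies a rate signature for TCP SYN floods and a size signature for the Ping of Death to packet records, and the thresholds, record field names and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; real sensors tune these per network.
SYN_RATE_LIMIT = 100      # bare SYNs to one destination ...
SYN_WINDOW = 1.0          # ... within this many seconds
MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram, in bytes


def detect_dos(packets):
    """Return (timestamp, signature, destination) alerts for packet dicts
    with keys ts, src, dst, proto, plus flags (TCP) or
    frag_offset/length in bytes (ICMP fragments)."""
    alerts = []
    syn_times = defaultdict(deque)   # dst -> timestamps of recent bare SYNs
    flooding = set()                 # dsts currently above the SYN rate
    for p in sorted(packets, key=lambda p: p["ts"]):
        if p["proto"] == "tcp" and p["flags"] == "S":
            window = syn_times[p["dst"]]
            window.append(p["ts"])
            while p["ts"] - window[0] > SYN_WINDOW:
                window.popleft()
            if len(window) > SYN_RATE_LIMIT:
                if p["dst"] not in flooding:   # alert once per episode
                    flooding.add(p["dst"])
                    alerts.append((p["ts"], "TCP SYN flood", p["dst"]))
            else:
                flooding.discard(p["dst"])
        elif p["proto"] == "icmp":
            # Size signature: fragment end beyond the maximum datagram size.
            if p["frag_offset"] + p["length"] > MAX_IP_DATAGRAM:
                alerts.append((p["ts"], "Ping of Death", p["dst"]))
    return alerts


def sample_traffic():
    """Constructed sample: normal SYNs, a SYN burst, one oversized fragment."""
    pkts = [{"ts": float(i), "src": "192.0.2.10", "dst": "198.51.100.5",
             "proto": "tcp", "flags": "S"} for i in range(5)]
    pkts += [{"ts": 10 + i * 0.002, "src": f"203.0.113.{i % 250}",
              "dst": "198.51.100.5", "proto": "tcp", "flags": "S"}
             for i in range(300)]
    pkts.append({"ts": 20.0, "src": "192.0.2.99", "dst": "198.51.100.7",
                 "proto": "icmp", "frag_offset": 65528, "length": 100})
    return pkts


if __name__ == "__main__":
    for alert in detect_dos(sample_traffic()):
        print(alert)
```

The five SYNs spaced one second apart stay below the rate signature, which is the difference between an informational event and a DoS alert for the same packet type.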
In summary, the correct answer to the question is C. DoS, as it is the type of signature used in an IDS to detect attacks that attempt to reduce the level of a resource or system, or to cause it to crash.