What is Signature-based Detection?

Dolyetyus

21 Apr 2020





Hi TurkHackTeam members. In this article, we will look at the subject "What is Signature Based Attack Detection?" together. I hope it will be useful for those who are interested. Let's move on...



First of all, let's figure out what an intrusion detection system is.

What is an Intrusion Detection System?



Intrusion detection systems are software or hardware used to detect cyber attacks against networks, servers or systems by monitoring the network and examining the individual packets on it.



What is Signature Based Attack Detection?



A signature-based attack detection system monitors the packets on the network and compares them with the signatures of attack patterns that attackers have used before. In this way, it quickly detects attacks and notifies the system administrator.




What are the methods of circumventing the Signature-Based Intrusion Detection System?



1 ==> Fragmentation Attacks
2 ==> Attack of Avoiding Using Defaults
3 ==> Coordinated, Low-Bandwidth Attacks
4 ==> Address Spoofing/Proxy Server Creation Attacks
5 ==> Pattern Change Hijack Attacks




1 ==> Fragmentation Attacks

By sending fragmented packets, the attacker confuses the signature-based attack detection system and can evade it easily. This attack is called a Fragmentation Attack.



2 ==> Attack of Avoiding Using Defaults:

As an example, suppose a signature-based intrusion detection system listens on port 4444. Now suppose the attacker redirects port 4444, the port the system is watching, to another port, for example 8080. In this way, the attacker can carry out the attack that the system expected on port 4444, and the port becomes vulnerable to attack. This is called the Avoiding Using Defaults Attack.



3 ==> Coordinated, Low-Bandwidth Attacks

If the attackers attack the system or the server in a coordinated way, the signature-based attack detection system will have great difficulty detecting the attack by monitoring the packets on the network. This attack is called a Coordinated, Low-Bandwidth Attack.



4 ==> Address Spoofing/Proxy Server Creation Attacks:

In address spoofing attacks, a poorly secured and improperly configured VPN, i.e. a proxy server, is used to bounce an attack. If the source is forged and the attack is bounced by the server, the source of the attack will be very difficult to find. This type of attack is called an Address Spoofing/Proxy Server Creation Attack.



5 ==> Pattern Change Hijack Attacks

Signature-based attack detection systems usually use the "pattern matching" method to detect an attack. Attackers can circumvent these systems by modifying the data that the patterns are matched against. This attack is called a Pattern Change Hijack Attack.




This was all. Thanks for reading.
Have a nice day.
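
An added example, not part of the original post, for the fragmentation and pattern-matching points above: it compares per-packet signature matching with matching after the flow is reassembled, which is the defender's answer to fragmentation. The signature, addresses, packet fields and function names are constructed for illustration.

```python
"""Per-packet vs. reassembled-stream signature matching (constructed demo)."""
from collections import defaultdict

# Constructed signature set (name -> byte pattern); not real IDS rules.
SIGNATURES = {"demo-pattern": b"KNOWN-BAD-PATTERN"}

def match(data):
    """Return the sorted names of signatures whose pattern occurs in data."""
    return sorted(n for n, pat in SIGNATURES.items() if pat in bytes(data))

def per_packet_alerts(packets):
    """Naive engine: inspect every packet payload in isolation."""
    alerts = set()
    for p in packets:
        alerts.update(match(p["payload"]))
    return sorted(alerts)

def reassembled_alerts(packets):
    """Rebuild each flow by byte offset, then match on the whole stream."""
    flows = defaultdict(list)
    for p in packets:
        flows[(p["src"], p["dst"], p["dport"])].append((p["seq"], p["payload"]))
    alerts = set()
    for segments in flows.values():
        stream = bytearray()
        for seq, payload in sorted(segments):      # tolerate out-of-order arrival
            end = seq + len(payload)
            if end > len(stream):                  # pad gaps until data arrives
                stream.extend(b"\x00" * (end - len(stream)))
            stream[seq:end] = payload              # assumption: later overlap wins
        alerts.update(match(stream))
    return sorted(alerts)

def pkt(seq, payload, src="10.0.0.5", dst="10.0.0.9", dport=8080):
    """Build one constructed packet record (fields are assumptions of this demo)."""
    return {"src": src, "dst": dst, "dport": dport, "seq": seq, "payload": payload}

# Constructed traffic: the same request sent whole, and split across three
# out-of-order segments so that no single payload contains the full pattern.
WHOLE = [pkt(0, b"GET /?q=KNOWN-BAD-PATTERN HTTP/1.1")]
SPLIT = [pkt(16, b"D-PATTERN HTTP/1.1"), pkt(0, b"GET /?q="), pkt(8, b"KNOWN-BA")]
BENIGN = [pkt(0, b"GET /index.html HTTP/1.1", src="10.0.0.6")]

if __name__ == "__main__":
    for name, traffic in (("whole", WHOLE), ("split", SPLIT), ("benign", BENIGN)):
        print(name, per_packet_alerts(traffic), reassembled_alerts(traffic))
```

Matching on the reassembled stream is content-based and not tied to a default port, so the same check fires on port 8080 as it would on 4444.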



 