IDS mailing list archives
Re: BARE BYTE UNICODE ENCODING
From: Adam Baldwin <baldwnad () yahoo com>
Date: Tue, 1 Jun 2004 18:34:44 -0700 (PDT)
Comments inline.

--- Annie Green <annie_r_green () hotmail com> wrote:

> How should I analyse further to find out the type of attack that my company got?
You have to look at it in the context of your network and your environment. If you just pick up that one packet and say "hi little packet, what are you doing," it most likely isn't going to reveal the larger picture (although that is not always the case), and in some cases all that is needed for an attack is a single packet. Look at what sensor picked up the traffic and alerted on it. The location in the network where this packet was alerted on, the destination of the traffic, and what type of servers/services you run are all good questions you can ask yourself. The main suggestion I would give would be to decide if that attack/alert poses a risk to your company's security. After you understand the implications of that alert/attack/rogue packet :-) in your environment, you can make that decision. If it is your company's policy to analyze all alerts, I hope they have deep pockets and lots of time.
> Or if this is not an attack, how do I find out which character in the packet actually triggered the alert?
Depending on the IDS that your company has deployed, compare the packet to the signature that particular IDS software provides. Did you deploy any new software lately that might be doing a funky dance over the network? Did you recently put up an unprotected IIS web server? Good questions to think about.

Adam Baldwin
baldwnad () yahoo com
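An added example (not from Adam's reply or the original thread) of the "compare the packet to the signature" step for this particular alert. It assumes the alert is Snort's http_inspect bare_byte check, which flags non-ASCII bytes (0x80-0xFF) appearing in a request URI without percent-encoding; the sample requests and host name are constructed.

```python
# Added example (not part of the original thread): locate the bytes that a
# "bare byte" check would flag in an HTTP request line. Assumption: the alert
# refers to Snort's http_inspect bare_byte option, which flags non-ASCII bytes
# (0x80-0xFF) appearing in the URI without %-encoding, since RFC 3986 requires
# such octets to be percent-encoded.
from typing import List, Tuple


def request_uri(request: bytes) -> bytes:
    """Return the request-target from the first line of a raw HTTP request."""
    first_line = request.split(b"\r\n", 1)[0]
    parts = first_line.split(b" ")
    if len(parts) < 2:
        raise ValueError("not an HTTP request line")
    return parts[1]


def bare_bytes(uri: bytes) -> List[Tuple[int, int]]:
    """Return (offset, value) pairs for every unencoded byte >= 0x80 in the URI.

    Percent-encoded sequences such as %C3%A9 are plain ASCII on the wire and
    are therefore not flagged here; only raw high bytes count as "bare".
    """
    return [(i, b) for i, b in enumerate(uri) if b >= 0x80]


def explain(request: bytes) -> List[str]:
    """Human-readable lines naming each offending byte and its position."""
    uri = request_uri(request)
    return [f"offset {off}: byte 0x{val:02x} (not %-encoded)" for off, val in bare_bytes(uri)]


# Constructed sample: a request whose path carries two raw UTF-8 bytes (0xC3 0xA9)
# instead of the percent-encoded form %C3%A9, so a bare-byte check would alert.
SAMPLE_ALERTING = b"GET /scripts/caf\xc3\xa9.asp HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
# Constructed sample: same path, correctly percent-encoded; nothing to flag.
SAMPLE_CLEAN = b"GET /scripts/caf%C3%A9.asp HTTP/1.0\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for line in explain(SAMPLE_ALERTING):
        print(line)
    print("clean request flagged bytes:", bare_bytes(request_uri(SAMPLE_CLEAN)))
```

Running it against a packet capture of the alerting request tells you exactly which octets the sensor objected to, which is the starting point for deciding whether it is a misbehaving client or something worth chasing.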
Current thread:
- BARE BYTE UNICODE ENCODING Annie Green (Jun 01)
- Re: BARE BYTE UNICODE ENCODING Adam Baldwin (Jun 02)
- Network Traffic Flow learning and Simulation Mayank-Bhatnagar (Jun 18)
- RE: BARE BYTE UNICODE ENCODING Omar Herrera (Jun 02)
- Re: BARE BYTE UNICODE ENCODING nick black (Jun 04)
- Re: BARE BYTE UNICODE ENCODING Martin Roesch (Jun 07)
- Re: BARE BYTE UNICODE ENCODING nick black (Jun 07)
- RE: BARE BYTE UNICODE ENCODING Omar Herrera (Jun 07)
- Re: BARE BYTE UNICODE ENCODING Nigel Houghton (Jun 08)
- Re: BARE BYTE UNICODE ENCODING nick black (Jun 04)
- Re: BARE BYTE UNICODE ENCODING Adam Baldwin (Jun 02)
- <Possible follow-ups>
- Re: BARE BYTE UNICODE ENCODING Annie Green (Jun 02)
- Re: BARE BYTE UNICODE ENCODING Adam Baldwin (Jun 02)