Response | Technology cont’d

• Intrusion detection cont’d

  • Packet-based intrusion detection
    • Packet filtering: Examine every packet for known attack signatures
    • Problem-1:
      • Detection uses known signatures (from hacks that were already successful somewhere)
      • But, once the vendor includes that attack signatures, hackers switch to another strategy with a new signature, unknown to intrusion detection software
    • Problem-2
      • There are 2,500-5,000 known attack signatures to compare with every packet
      • But, comparative engines can only compare packets to an active set of <200 signatures
      • Sometimes, old methods work once again...