8
Jan

Snort Intrusion Prevention - blocking IP addresses

We are not only interested in detecting attacks; we also want to prevent them. Snort does a great job as an Intrusion Detection System (IDS). If we use Snort in combination with SnortSAM, we can also block hostile traffic by manipulating the policies or access lists on a firewall or router.

7
Jan

Use Snort as a sniffer

Although more full-featured sniffer tools exist, like tcpdump, Ethereal and Wireshark, it’s also possible to take a quick look at the network traffic on a Snort sensor with Snort itself. The sniffer output is actually very easy to read, and some may prefer it for quick captures.

2
Jan

DNS Rebinding attack

Before we discuss the DNS Rebinding attack, we’ll explain some background topics, such as the same-origin policy and DNS Pinning.


Same-origin policy


The same-origin policy prevents websites from interacting with one another through your browser. It states that code (like JavaScript) on a web page can only communicate with the server from which it came.

1
Jan

Slowloris - Low bandwidth DoS

Why another article on denial of service (DoS) attacks? Those attacks are old news in many ways, but they remain difficult to block if the attack is well performed. A SYN flood, for example, can be conducted with spoofed IP addresses. Most of us associate DoS attacks with a huge number of packets fired at one of our servers. But there are other kinds of DoS attacks too, which do not need that high number of requests. That’s our subject today!
