You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

Backtracking Algorithmic Complexity Attacks Against a NIDS

Tags:
network security

Overview Network Intrusion Detection Systems (NIDS) have become crucial to securing modern networks. To be effective, a NIDS must be able to counter evasion attempts and operate at or near wire-speed. Failure to do so allows malicious packets to slip through a NIDS undetected. This paper explores NIDS evasion through algorithmic complexity attacks. The paper presents a highly effective attack against the Snort NIDS, and the paper provides a practical algorithmic solution that successfully thwarts the attack. This attack exploits the behavior of rule matching, yielding inspection times that are up to 1.5 million times slower than that of benign packets. The analysis shows that this attack is applicable to many rules in Snort's ruleset, rendering vulnerable the thousands of networks protected by it.

Further White Paper Details
Publisher	University of Wisconsin	File Format	PDF
Date Published	September 2006
Format	White Papers
Topics	Network Security, Security Tools, Intrusion Detection Systems

Did you find this white paper useful? 2 out of 3 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

County Government Increases the Security of Its Network

Publisher:
Microsoft

Memorial Manufacturer Streamlines Order Processing, Assures Network Security

Publisher:
Microsoft

Catching wireless hackers in the act

The so-called Wireless Internet Security Experiment, or WISE, aims to "develop effective information security, intrusion detection, and incident response, and forensic methodologies for wireless networks," according to the project's web page.

Channel:
Security Strategy

Cisco battles Juniper with worms

A new element in the updated IOS is improved protection against denial of service attacks, which flood networks with millions of packets causing routers and servers to freeze under the pressure. Platon said the company is also working to extend its...

Channel:
Security Strategy

VoIP: Don't forget about security

At the call control level, King argues that Cisco's Call Manager application is protected with intrusion prevention software, and serves as a secure control hub for the IP phones. QoS [quality of service] is a key enabler when securing the network...

Channel:
VoIP
Tags:
security,
voip

Cracked: The Great Firewall of China

The researchers found it was possible to circumvent the Chinese intrusion detection systems (IDS) by ignoring the forged TCP resets injected by the Chinese routers, which would normally force the endpoints to abandon the connection.

Windows worm holes plugged

Attackers can remotely send malicious packets and cause code execution," he said. The remaining five would require people to visit a malicious website or open a malicious file for an attack to succeed, according to Microsoft's alerts.

The dos and don'ts of VoIP security

Additional tools that will help networks in case of any attack are intrusion detection and prevention systems, which scan for rogue incoming packets, and straightforward antivirus software which can help prevent any known threats from disrupting...

Telecom 2.0: Mind over matter

ntl:Telewest Business believes that the role of the telco is evolving. Gone are the days when it was enough to simply focus on circuits and minutes, customers now need a far higher degree of interaction and look for suppliers who will talk business solutions with them.

Publisher:
ntl:Telewest Business

IBM Information Server Change Data Capture

In today's fast-paced world, access to real-time data has never been more important. To be successful, organizations need to be able to report and analyze corporate data quickly and easily, regardless of what applications created the data, what platform they're running on, or what database they're stored in.

Publisher:
IBM

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview of server consolidation concepts and techniques and provides guidance on methodologies. It also looks at the potential cost savings associated with server consolidation and offers information on how organizations can sustain the advantage they have gained by consolidating their servers.

Publisher:
IBM

Also on silicon.com

Site Navigation:

Network Security White Papers

Backtracking Algorithmic Complexity Attacks Against a NIDS

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific