Rating:
(8 reviews)
Author: See details Amazon Warehouse Deals Fulfilled by Amazon Sign in to turn on 1-Click ordering
ISBN : 0735710635
New from $8.74
Format: PDF
Download file now Free Intrusion Signatures and Analysis [Paperback] from with Mediafire Link Download Link
Intrusion Signatures and Analysis opens with an introduction into the format of some of the more common sensors and then begins a tutorial into the unique format of the signatures and analyses used in the book. After a challenging four-chapter review, the reader finds page after page of signatures, in order by categories. Then the content digs right into reaction and responses covering how sometimes what you see isn¿t always what is happening. The book also covers how analysts can spend time chasing after false positives. Also included is a section on how attacks have shut down the networks and web sites of Yahoo, and E-bay and what those attacks looked like. Readers will also find review questions with answers throughout the book, to be sure they comprehend the traces and material that has been covered.
Direct download links available for Free Intrusion Signatures and Analysis [Paperback]
- Paperback: 448 pages
- Publisher: Sams Publishing; 1 edition (January 29, 2001)
- Language: English
- ISBN-10: 0735710635
- ISBN-13: 978-0735710634
- Product Dimensions: 0.9 x 6.8 x 8.8 inches
- Shipping Weight: 1.6 pounds (View shipping rates and policies)
Free Intrusion Signatures and Analysis
Disclaimer: I withdrew a chapter from this book, and my words appear on p. 25. "Intrusion Signatures" tries to share the collective wisdom of SANS GIAC certification candidates, tempered by more experienced SANS editors. I applaud their intentions, but the uneven analysis and commentary warrants faint praise. New analysts flying solo should not read this book. Analysts with a guru to consult should get his or her input before trusting the book's interpretations.Examples: (1) Eric Hacker expertly discusses a Windows password problem on pp. 77-85, but a significant trace is missing on p. 81. This causes the following dozen traces to not match their respective explanations. Would a new analyst notice? (2) Several times (p. 87, etc.) the authors fail to realize "public" is a common default SNMP "read" community string, while "private" is the "read/write" counterpart. This mistake is crucial elsewhere in the book. (3) The editors call a clear example of round-trip-time determination a "half-open DNS scan." It's ok for certification students to make judgement errors, but SANS editors should explain why that view isn't correct. (4) A very questionable "SYN flood" trace in ch. 10 doesn't match the "reproduction" of the same trace in the question-and-answer appendix -- that one's missing a crucial packet! (5) A "spoofed FTP request" in ch.11 looks like an active FTP data attempt to me. That concept is explained on p. 329, but the authors don't apply the same reasoning to ch.11's example. Why?
On the positive side, I was impressed by Mark Cooper's work on buffer overflows and ICMP redirects.