CYB236 Chapter 6: Signature Detection Techniques

Questions and Answers

What is a signature in the context of Signature-Based IDS Detection?

A pattern within a packet or a series of packets that corresponds to a known threat (correct)

A network protocol

A type of firewall rule

A type of network traffic

What is the purpose of the SNORT rule in the example?

To monitor network traffic usage

To block TCP traffic on port 443

To scan for viruses on a network

To detect and alert on TCP SYN flood attacks to a web server (correct)

What is the CONFICKER worm an example of?

A type of firewall

A type of virus

A known threat that can be detected by a signature (correct)

A type of network protocol

What is the advantage of using signature-based IDS detection?

It can detect known threats

What is the condition that triggers the SNORT rule in the example?

If a client sends more than 100 TCP SYN requests to the server within 10 seconds

What is the purpose of the detection filter in the SNORT rule?

To track the traffic by destination and count the number of requests within a certain time period

What is the purpose of the SNORT rule designed to prevent ICMP floods?

To prevent clients from sending more than 500 ICMP packets within 3 seconds

What is the maximum allowed size of an IP packet according to the IP protocol?

65,536 bytes

What is the threshold for detection of a brute force attack on SSH?

5 login attempts in 60 seconds

What is the purpose of the SNORT rule with sid:1111111?

To detect Ping of Death attacks

What is the name of the dataset mentioned in the text for intrusion detection?

All of the above

What is the classtype of the SNORT rule designed to prevent ICMP floods?

icmp-event

What is the purpose of the detection_filter in the SNORT rule designed to prevent ICMP floods?

To track by destination IP address and count the packets