CYB236 Chapter 6: Signature Detection Techniques

Questions and Answers

What is a signature in the context of signature-based IDS?

A pattern of legitimate network traffic

A firewall configuration to block suspicious traffic

A type of encryption algorithm used in secure communication

A pattern within a packet or a series of packets that corresponds to a known threat (correct)

What is the purpose of the SNORT rule provided in the text?

To encrypt network traffic for secure communication

To detect and block legitimate HTTPS traffic

To scan for open ports on a network

To detect and alert on TCP SYN flood attacks on a web server (correct)

How many TCP SYN requests must a client send to the server within 10 seconds to trigger the SNORT rule?

100 (correct)

500

50

200

What is the advantage of using signature-based IDS?

It can detect known threats with high accuracy

What is the disadvantage of using signature-based IDS?

It can only detect known threats

What is the purpose of the 'sid' parameter in the SNORT rule?

To specify the signature ID

What type of attack is caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol?

Ping of Death attack

What is the main purpose of the SNORT rule designed to prevent ICMP floods?

To prevent ICMP floods by tracking the number of packets sent

What is the minimum number of ICMP packets required to trigger the ICMP flood attack detection?

500

What is the time period within which the ICMP flood attack detection rule counts the number of ICMP packets?

3 seconds

What is the purpose of the Brute Force attack detection rule?

To detect brute force login attempts on SSH

What is the minimum number of login attempts required to trigger the Brute Force attack detection?

5

What is the time period within which the Brute Force attack detection rule counts the number of login attempts?

60 seconds