Appendix A. Exploits and Scans to Apply Exploits

In this appendix, we will examine a number of network traces. Each has a story to tell. Most of these traces are in the TCPdump format. This format is consistent with the traces in the book TCP/IP Illustrated, Volume 1: The Protocols, by Richard Stevens (published by Addison Wesley, 1994). This reference should be at the fingertips of any serious intrusion-detection analyst

False Positives

This appendix starts with some of the errors analysts are prone to make. Although the Computer Incident Response Teams (CIRTs) hire some top-notch analysts, the errors in this first section are just subtle enough ...

Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Network Intrusion Detection, Third Edition by Stephen Northcutt, Judy Novak

Appendix A. Exploits and Scans to Apply Exploits

False Positives

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly