Burglar Alarms for Detecting Intrusions

Marcus J. Ranum <mjr at nfr.net>

Disclaimer

Burglar Alarms

Burglar Alarms (cont)

Burglar Alarms (cont)

Burglar Alarms (cont)

Burglar Alarms: Pro

Burglar Alarms: Con

The Right Thing to Do

Simple Burglar Alarm

Simple Burglar Alarm (cont)

Simple Burglar Alarm (cont)

Simple Burglar Alarm: 2

IDS and firewalls

IDS Firewall Alarm

IDS Firewall Alarm 2

Building: Burglar alarms

Building a Scan Alarm

A Scan Alarm

Building a Scan Alarm (cont)

Building a Scan Alarm (cont)

Trapping Actions

Trapping Actions (cont)

Trapping Actions (cont)

Chroot-a-nono

ls-o-matic

Shared-Library boobytrap

Nit-pick

File-change-o

File shrinkener

Stupid Hacker Tricks

Terrify Suzy*

Fake Hacktools

Roto-Router

Scan Slower

Phat Warez

Redirector

Socket Stuffer

Auditor Biter

Rat Poison Files

Noset Executable

No Exec Stack

Fake Holes

DumDum Users

Summary